Filtered by vendor Mambo
Subscriptions
Total
123 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2006-3262 | 1 Mambo | 1 Mambo | 2024-11-21 | N/A |
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | ||||
CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2024-11-21 | N/A |
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | ||||
CVE-2006-1794 | 1 Mambo | 1 Mambo | 2024-11-21 | N/A |
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). | ||||
CVE-2006-0871 | 1 Mambo | 1 Mambo | 2024-11-21 | N/A |
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector. | ||||
CVE-2005-4156 | 1 Mambo | 1 Mambo Open Source 4.5 | 2024-11-21 | N/A |
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. | ||||
CVE-2005-3738 | 1 Mambo | 1 Mambo Site Server | 2024-11-21 | N/A |
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. | ||||
CVE-2005-3586 | 1 Mambo | 1 Mambo | 2024-11-21 | N/A |
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. | ||||
CVE-2005-2002 | 1 Mambo | 1 Mambo | 2024-11-21 | N/A |
SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. | ||||
CVE-2005-0512 | 1 Mambo | 1 Mambo | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | ||||
CVE-2004-2143 | 1 Mambo | 1 Mambo Portal | 2024-11-21 | N/A |
SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. | ||||
CVE-2004-2072 | 1 Mambo | 1 Mambo Open Source | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. | ||||
CVE-2004-1826 | 1 Mambo | 1 Mambo Open Source 4.5 | 2024-11-21 | N/A |
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
CVE-2004-1825 | 1 Mambo | 1 Mambo Open Source | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. | ||||
CVE-2004-1693 | 1 Mambo | 1 Mambo | 2024-11-21 | N/A |
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. | ||||
CVE-2004-1692 | 1 Mambo | 1 Mambo Open Source | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. | ||||
CVE-2003-1245 | 1 Mambo | 1 Mambo Site Server | 2024-11-21 | N/A |
index2.php in Mambo 4.0.12 allows remote attackers to gain administrator access via a URL request where session_id is set to the MD5 hash of a session cookie. | ||||
CVE-2003-1204 | 1 Mambo | 1 Mambo Site Server | 2024-11-21 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4) uploadimage.php, the path parameter in (5) view.php, (6) the choice parameter in upload.php, (7) the sitename parameter in mambosimple.php, (8) the type parameter in upload.php, or the id parameter in (9) emailarticle.php, (10) emailfaq.php, or (11) emailnews.php. | ||||
CVE-2003-1203 | 1 Mambo | 1 Mambo Site Server | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter. | ||||
CVE-2002-2290 | 1 Mambo | 1 Mambo Site Server | 2024-11-21 | N/A |
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges. | ||||
CVE-2002-2288 | 1 Mambo | 1 Site Server | 2024-11-21 | N/A |
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message. |