Filtered by vendor Mambo
Total: 123 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo. | |||||
CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2024-11-21 | 9.3 HIGH | N/A |
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||||
CVE-2007-2557 | 1 Mambo | 1 Mambo | 2024-11-21 | 4.0 MEDIUM | N/A |
MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2007-2196 | 2 Joomla, Mambo | 2 Jambook, Jambook | 2024-11-21 | 6.8 MEDIUM | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request. | |||||
CVE-2007-2049 | 1 Mambo | 1 Mambo Calendar | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php. | |||||
CVE-2007-2005 | 2 Joomla, Mambo | 2 Taskhopper Component, Taskhopper Component | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/. | |||||
CVE-2007-1702 | 1 Mambo | 1 Flatmenu | 2024-11-21 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2007-1699 | 2 Joomla, Mambo | 2 Swmenu Component, Swmenu Component | 2024-11-21 | 10.0 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. | |||||
CVE-2007-1596 | 2 Joomla, Mambo | 2 Nfn Address Book, Nfn Address Book | 2024-11-21 | 9.3 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | |||||
CVE-2007-0789 | 1 Mambo | 1 Mambo | 2024-11-21 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter. | |||||
CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | |||||
CVE-2006-7202 | 1 Mambo | 1 Mambo Open Source | 2024-11-21 | 7.8 HIGH | N/A |
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. | |||||
CVE-2006-7150 | 1 Mambo | 1 Mambo Open Source | 2024-11-21 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. | |||||
CVE-2006-7149 | 1 Mambo | 1 Mambo | 2024-11-21 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php. | |||||
CVE-2006-7104 | 1 Mambo | 1 Mostlyce | 2024-11-21 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-6634 | 1 Mambo | 1 Extcalthai Module | 2024-11-21 | 7.5 HIGH | N/A |
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | |||||
CVE-2006-5044 | 2 Joomla, Mambo | 2 Prince Clan Chess Component, Prince Clan Chess Component | 2024-11-21 | 7.5 HIGH | N/A |
Unspecified vulnerability in Prince Clan (Princeclan) Chess component (com_pcchess) 0.8 and earlier for Mambo and Joomla! has unspecified impact and attack vectors. | |||||
CVE-2006-4556 | 2 Joomla, Mambo | 2 Jim Component, Jim Component | 2024-11-21 | 7.5 HIGH | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242. | |||||
CVE-2006-4553 | 2 Joomla, Mambo | 2 Com Comprofiler Component, Com Comprofiler Component | 2024-11-21 | 6.8 MEDIUM | N/A |
PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
CVE-2006-4375 | 1 Mambo | 1 Contacts Xtd Component | 2024-11-21 | 7.5 HIGH | N/A |
** DISPUTED ** PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined. |