Mambo (software)

All CVEs

177 total · sorted by risk
  • CVE-2006-7093 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2006-7092 · Mar 2, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in includes/mambo.php in Mambo LaiThai 4.5.4 SP2 and earlier allows remote attackers to execute arbitrary SQL commands via the usercookie[password] cookie parameter.

  • CVE-2007-0789 · Feb 6, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in Mambo before 4.5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors in cancel edit functions, possibly related to the id parameter.

  • CVE-2007-0374 · Jan 19, 2007
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing.

  • CVE-2006-6049 · Nov 22, 2006
    risk 0.00 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 (com_shambo2) component for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4556 · Sep 6, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not…

  • CVE-2006-4375 · Aug 26, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this…

  • CVE-2006-4286 · Aug 22, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by…

  • CVE-2006-4280 · Aug 21, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party,…

  • CVE-2006-4281 · Aug 21, 2006
    risk 0.00 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4275 · Aug 21, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-4263 · Aug 21, 2006
    risk 0.00 · cvss · epss 0.04

    Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1)…

  • CVE-2006-4269 · Aug 21, 2006
    risk 0.00 · cvss · epss 0.03

    PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by…

  • CVE-2006-4229 · Aug 18, 2006
    risk 0.00 · cvss · epss 0.02

    PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

  • CVE-2006-3981 · Aug 5, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is…

  • CVE-2006-3302 · Jun 29, 2006
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown;…

  • CVE-2006-3263 · Jun 27, 2006
    risk 0.00 · cvss · epss 0.01

    SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

  • CVE-2006-1956 · Apr 21, 2006
    risk 0.00 · cvss · epss 0.01

    The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message.

  • CVE-2006-1957 · Apr 21, 2006
    risk 0.00 · cvss · epss 0.02

    The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter.

  • CVE-2006-1421 · Mar 28, 2006
    risk 0.00 · cvss · epss 0.01

    Multiple SQL injection vulnerabilities in akocomment.php in AkoComment 2.0 module for Mambo, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) acname or (2) contentid parameter.

  • CVE-2005-4156 · Dec 11, 2005
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.

  • CVE-2005-3586 · Nov 16, 2005
    risk 0.00 · cvss · epss 0.01

    content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.

  • CVE-2005-0512 · Feb 21, 2005
    risk 0.00 · cvss · epss 0.01

    PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than…

  • CVE-2003-1204 · Dec 31, 2003
    risk 0.00 · cvss · epss 0.04

    Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via (1) the link parameter in sectionswindow.php, the directory parameter in (2) gallery.php, (3) navigation.php, or (4)…

  • CVE-2002-1662 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.

  • CVE-2002-2290 · Dec 31, 2002
    risk 0.00 · cvss · epss 0.02

    Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.

  • CVE-2001-1011 · Jul 25, 2001
    risk 0.00 · cvss · epss 0.04

    index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.

Page 4 of 4