CVE-2006-3980 – Mambo Component MGM 0.95r2 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-3980
PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad PHP de inclusión remota de archivo en administrator/components/com_mgm/help.mgm.php en Mambo Gallery Manager (MGM) 0.95r2 y anteriores para Mambo 4.5 permite a atacantes remotos ejecutar código PHP de su eleccción a través de una URL en el parámetro mosConfig_absolute_path. • https://www.exploit-db.com/exploits/2084 http://secunia.com/advisories/21268 http://securityreason.com/securityalert/1322 http://www.osvdb.org/27650 http://www.securityfocus.com/archive/1/441533/100/0/threaded http://www.securityfocus.com/bid/19224 http://www.vupen.com/english/advisories/2006/3054 https://exchange.xforce.ibmcloud.com/vulnerabilities/28072 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-3846 – Mambo Component multibanners 1.0.1 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-3846
PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo en PHP en extadminmenus.class.php de MultiBanners 1.0.1 para Mambo permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro mosConfig_absolute_path. • https://www.exploit-db.com/exploits/2066 http://secunia.com/advisories/21168 http://securityreason.com/securityalert/1277 http://solpotcrew.org/adv/BlueSpy-adv-multibanners.txt http://www.securityfocus.com/archive/1/440881/100/0/threaded http://www.securityfocus.com/bid/19100 http://www.vupen.com/english/advisories/2006/2933 https://exchange.xforce.ibmcloud.com/vulnerabilities/27916 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-3843 – Mambo Module Calendar 1.5.7 - 'Com_Calendar.php' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2006-3843
PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. Vulnerabilidad PHP de inclusión remota de archivo en com_calendar.php en Calendar Mambo Module 1.5.7 y anteriores permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro absolute_path. • https://www.exploit-db.com/exploits/28233 http://securityreason.com/securityalert/1272 http://www.securityfocus.com/archive/1/440407/100/0/threaded http://www.securityfocus.com/bid/19027 •
CVE-2006-3262 – Mambo 4.6rc1 - Weblinks Blind SQL Injection
https://notcve.org/view.php?id=CVE-2006-3262
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "title". • https://www.exploit-db.com/exploits/1920 https://www.exploit-db.com/exploits/1941 http://retrogod.altervista.org/mambo_46rc1_sql.html http://secunia.com/advisories/20745 http://securityreason.com/securityalert/1158 http://securitytracker.com/id?1016334 http://www.mamboserver.com/?option=com_content&task=view&id=207 http://www.osvdb.org/26624 http://www.securityfocus.com/archive/1/437496/100/100/threaded http://www.securityfocus.com/bid/18492 http://www.vupen.com/englis •
CVE-2006-3263
https://notcve.org/view.php?id=CVE-2006-3263
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. Vulnerabilidad de inyección SQL en el modulo Weblinks (weblinks.php) en Mambo v4.6rc1 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro "catid". • http://www.mamboserver.com/?option=com_content&task=view&id=207 •