CVE-2007-6455 – Mambo 4.6.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6455
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
• https://www.exploit-db.com/exploits/30899
• http://secunia.com/advisories/28133
• http://securityreason.com/securityalert/3462
• http://www.securityfocus.com/archive/1/485257/100/0/threaded
• http://www.securityfocus.com/bid/26922
• https://exchange.xforce.ibmcloud.com/vulnerabilities/39115
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5362 – Joomla! Component mosmedialite451 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-5362
Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: vector 3 may be the same as CVE-2007-2043.2.
• https://www.exploit-db.com/exploits/4499
• http://osvdb.org/38586
• http://osvdb.org/38587
• http://osvdb.org/38588
• http://www.securityfocus.com/bid/25960
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37015
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2007-5177 – Mambo Component Mambads 1.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-5177
SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
• https://www.exploit-db.com/exploits/4469
• http://osvdb.org/38590
• http://www.securityfocus.com/bid/25865
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36875
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-4745
https://notcve.org/view.php?id=CVE-2007-4745
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
• http://osvdb.org/37533
• http://secunia.com/advisories/26706
• http://securityreason.com/securityalert/3101
• http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt
• http://www.securityfocus.com/bid/25576
• http://www.vupen.com/english/advisories/2007/3080
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36471
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-4505 – Mambo Component Remository - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4505
SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
• https://www.exploit-db.com/exploits/4306
• http://osvdb.org/38359
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36220