CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 3CVE-2009-4579
https://notcve.org/view.php?id=CVE-2009-4579
06 Jan 2010 — Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. Vulnerabilidad de secuencias de comandos (XSS) en el componente Artist avenue (com_artistavenue) para Joomla!, y Mambo permite a atacantes remotos ejecutar código web o HTML de su elección a través del parámetro Itemid en index.php. • http://packetstormsecurity.org/0912-exploits/joomlaartistavenue-xss.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4474 – Mambo Component com_zoom - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-4474
30 Dec 2009 — SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Mike de Boer zoom (com_zoom) v2.0 para Mambo permite a atacantes remotos ejecutar comandos SQl de forma arbitraria a través del parámetro "catid" a index.php. • https://www.exploit-db.com/exploits/9588 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2009-4199 – Joomla! Component com_mosres - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2009-4199
04 Dec 2009 — Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente Mambo Resident (aka Mos Res or com_mosres) v1.0f para Mambo y Joomla!, cuando está deshabilita... • https://www.exploit-db.com/exploits/8872 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 3CVE-2009-3434 – Joomla! / Mambo Component Tupinambis - SQL Injection
https://notcve.org/view.php?id=CVE-2009-3434
28 Sep 2009 — SQL injection vulnerability in the Tupinambis (com_tupinambis) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the proyecto parameter in a verproyecto action to index.php. Vulnerabilidad de inyección SQL en el componente Tupinambis (com_tupinambis) v1.0 para Mambo y Joomla! permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "proyecto" en una acción "verproyecto" de index.php. • https://www.exploit-db.com/exploits/9832 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 3CVE-2009-3333 – Mambo Component com_koesubmit 1.0.0 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2009-3333
23 Sep 2009 — PHP remote file inclusion vulnerability in koesubmit.php in the koeSubmit (com_koesubmit) component 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Vulnerabilidad de inclusión remota de archivo PHP en koesubmit.php en el componente koeSubmit (com_koesubmit) v1.0 para Mambo, permite a atacantes remotos ejecutar código PHP de su elección a través de una URL en el parámetro mosConfig_absolute_path. • https://www.exploit-db.com/exploits/9714 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 1CVE-2008-7212
https://notcve.org/view.php?id=CVE-2008-7212
11 Sep 2009 — MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message. MOStlyCE anteriores a la v2.4, como la usada en Mambo v4.6.3 y anteriores, permiten a atacantes remotos obtener información sensible a través de determinadas peticiones sobre mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/con... • http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 1%CPEs: 3EXPL: 3CVE-2008-7213 – Mambo Module MOStlyCE 2.4 - 'connector.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-7213
11 Sep 2009 — Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php en MOStlyCE y anteriores a la v2.4, como la usada en Mambo v4.6.3 y ... • https://www.exploit-db.com/exploits/31066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 2CVE-2008-7214
https://notcve.org/view.php?id=CVE-2008-7214
11 Sep 2009 — Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en adm... • http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 2%CPEs: 3EXPL: 2CVE-2008-7215
https://notcve.org/view.php?id=CVE-2008-7215
11 Sep 2009 — The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails. El Image Manager en MOStlyCE anteriores a v2.4, como las usadas en Mambo v4.6.3 y anteriores, permite a atacantes remotos... • http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 2%CPEs: 8EXPL: 2CVE-2008-6814 – Mambo Component SimpleBoard 1.0.1 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2008-6814
28 May 2009 — Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528. Vulnerabilidad de envío de archivo no restringido en image_upload.php en el componente SimpleBoard (com_simpleb... • https://www.exploit-db.com/exploits/6868 • CWE-20: Improper Input Validation •