CVE-2006-3262 – Mambo 4.6rc1 - Weblinks Blind SQL Injection
https://notcve.org/view.php?id=CVE-2006-3262
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. • https://www.exploit-db.com/exploits/1920 https://www.exploit-db.com/exploits/1941 http://retrogod.altervista.org/mambo_46rc1_sql.html http://secunia.com/advisories/20745 http://securityreason.com/securityalert/1158 http://securitytracker.com/id?1016334 http://www.mamboserver.com/?option=com_content&task=view&id=207 http://www.osvdb.org/26624 http://www.securityfocus.com/archive/1/437496/100/100/threaded http://www.securityfocus.com/bid/18492 http://www.vupen.com/englis •
CVE-2006-3263
https://notcve.org/view.php?id=CVE-2006-3263
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. • http://www.mamboserver.com/?option=com_content&task=view&id=207 •
CVE-2006-2815
https://notcve.org/view.php?id=CVE-2006-2815
Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post new topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. NOTE: some sources have stated that the sb_authorname parameter is affected, but it is unclear which field is related to it. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046484.html http://secunia.com/advisories/20409 http://securityreason.com/securityalert/1030 http://www.securityfocus.com/archive/1/435615/100/0/threaded http://www.securityfocus.com/bid/18251 http://www.vupen.com/english/advisories/2006/2111 https://exchange.xforce.ibmcloud.com/vulnerabilities/27021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-1957
https://notcve.org/view.php?id=CVE-2006-1957
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to cause a denial of service (disk consumption and possibly web-server outage) via multiple requests with different values of the feed parameter. • http://archives.neohapsis.com/archives/bugtraq/2006-04/0380.html http://irannetjob.com/content/view/209/28 http://www.kapda.ir/advisory-313.html http://www.securityfocus.com/archive/1/431317/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/26131 • CWE-20: Improper Input Validation •
CVE-2006-1956
https://notcve.org/view.php?id=CVE-2006-1956
The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. • http://irannetjob.com/content/view/209/28 http://www.kapda.ir/advisory-313.html http://www.securityfocus.com/archive/1/431317/100/0/threaded •