CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2011-3754
https://notcve.org/view.php?id=CVE-2011-3754
Mambo 4.6.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/sef.php and certain other files. Mambo v4.6.5 permite a atacantes remotos obtener información sensible a través de una petición directa a un archivo .php, lo que revela la ruta de instalación en un mensaje de error, como se demostró con includes/sef.php y algunos otros archivos. • http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/%21_README http://code.google.com/p/inspathx/source/browse/trunk/paths_vuln/mambo-4.6.5 http://www.openwall.com/lists/oss-security/2011/06/27/6 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 3CVE-2009-4579
https://notcve.org/view.php?id=CVE-2009-4579
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. Vulnerabilidad de secuencias de comandos (XSS) en el componente Artist avenue (com_artistavenue) para Joomla!, y Mambo permite a atacantes remotos ejecutar código web o HTML de su elección a través del parámetro Itemid en index.php. • http://packetstormsecurity.org/0912-exploits/joomlaartistavenue-xss.txt http://www.exploit-db.com/exploits/10818 http://www.securityfocus.com/bid/37537 https://exchange.xforce.ibmcloud.com/vulnerabilities/55214 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 4CVE-2009-4578 – Joomla! Component FacileForms - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-4578
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php. Vulnerabilidad de secuencias de comandos (XSS) en el componente Facileforms (com_facileforms) para Joomla! y Mambo permite a atacantes inyectar código web o HTMl de su elección a través del parámetro ITemid en idenx.php. • https://www.exploit-db.com/exploits/10737 http://packetstormsecurity.org/0912-exploits/joomlafacileforms-xss.txt http://www.exploit-db.com/exploits/10737 http://www.securityfocus.com/bid/37477 https://exchange.xforce.ibmcloud.com/vulnerabilities/55133 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3CVE-2009-4474 – Mambo Component com_zoom - 'catid' Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-4474
SQL injection vulnerability in the Mike de Boer zoom (com_zoom) component 2.0 for Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Vulnerabilidad de inyección SQL en el componente Mike de Boer zoom (com_zoom) v2.0 para Mambo permite a atacantes remotos ejecutar comandos SQl de forma arbitraria a través del parámetro "catid" a index.php. • https://www.exploit-db.com/exploits/9588 http://www.exploit-db.com/exploits/9588 http://www.securityfocus.com/bid/36281 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 3CVE-2009-4199 – Joomla! Component com_mosres - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2009-4199
Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos Res or com_mosres) component 1.0f for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) property_uid parameter in a viewproperty action to index.php and the (2) regID parameter in a showregion action to index.php. Múltiples vulnerabilidades de inyección SQL en el componente Mambo Resident (aka Mos Res or com_mosres) v1.0f para Mambo y Joomla!, cuando está deshabilitado magic_quotes_gpc, permite a atacantes remotos ejecutar comandos SQL de su elección mediante (1) el parámetro "property_uid" en una acción viewproperty de index.php y (2) el parámetro "regID" en una acción showregion de index.php. • https://www.exploit-db.com/exploits/8872 http://www.exploit-db.com/exploits/8872 http://www.securityfocus.com/bid/35202 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •