CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 1

11 Sep 2009 — MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message. • http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 6.1 | EPSS: 1% | CPEs: 3 | EXPL: 3

11 Sep 2009 — Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter. • https://www.exploit-db.com/exploits/31066 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 | EPSS: 0% | CPEs: 3 | EXPL: 2

11 Sep 2009 — Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as demonstrated using a separate XSS vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php. • http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.1 | EPSS: 2% | CPEs: 3 | EXPL: 2

11 Sep 2009 — The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivalent variables in $_FILES that are accessed when the is_uploaded_file check fails. • http://archives.neohapsis.com/archives/bugtraq/2008-02/0444.html • CWE-20: Improper Input Validation