CVE-2008-0261
https://notcve.org/view.php?id=CVE-2008-0261
Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. Vulnerabilidad no especificada en el componente y módulo search en Mambo 4.5.x y 4.6.x permite a atacantes remotos provocar denegación de servicio (inundación de consultas) a través de vectores no especificados. • http://forum.mambo-foundation.org/showthread.php?t=9651 http://secunia.com/advisories/28392 http://www.securityfocus.com/bid/27239 https://exchange.xforce.ibmcloud.com/vulnerabilities/39613 • CWE-399: Resource Management Errors •
CVE-2007-4203
https://notcve.org/view.php?id=CVE-2007-4203
Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. Vulnerabilidad de fijación de sesión en Mambo 4.6.2 CMS permite a atacantes remotos secuestrar sesiones web estableciendo el parámetro Cookie. • http://osvdb.org/42514 http://securityreason.com/securityalert/2970 http://www.securityfocus.com/archive/1/475241/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35744 • CWE-287: Improper Authentication •
CVE-2006-7202
https://notcve.org/view.php?id=CVE-2006-7202
The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not properly check access rights for database content, which allows remote attackers to read certain content via unspecified vectors. La función dofreePDF en includes/pdf.php de Mambo 4.6.1 no comprueba adecuadamente los derechos de acceso a contenido de base de datos, lo cual permite a atacantes remotos leer cierto contenido mediante vectores no especificados. • http://secunia.com/advisories/25039 http://www.securityfocus.com/bid/23787 http://www.tracker.mambo-foundation.org/?do=details&task_id=170 •
CVE-2006-7150
https://notcve.org/view.php?id=CVE-2006-7150
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. Múltiples vulnerabilidades de inyección SQL en el Mambo 4.6.x permiten a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro mcname en el (1) moscomment.php y (2) com_comment.php. • http://securityreason.com/securityalert/2379 http://www.kapda.ir/advisory-444.html http://www.securityfocus.com/archive/1/449305/100/0/threaded http://www.securityfocus.com/bid/20650 https://exchange.xforce.ibmcloud.com/vulnerabilities/29707 •
CVE-2005-4156
https://notcve.org/view.php?id=CVE-2005-4156
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character. • http://securitytracker.com/alerts/2005/Nov/1015176.html http://www.procheckup.com/Vulner_PR0511.php •