2 results (0.003 seconds)

CVSS: 2.6EPSS: 2%CPEs: 10EXPL: 3

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. globals.php en Mambo Site Server 4.0.14 y anteriores, cuando "register_globals" está desactivado, permite a atacantes remotos sobreescribir variables mediante el 'array' "GLOBALS" y llevar a cabo varios ataques, como se ha demostrado usando el parámetro "mosConfig_absolute_path" de content.html.php para inclusión remota de PHP. • https://www.exploit-db.com/exploits/1337 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html http://forum.mamboserver.com/showthread.php?t=66154 http://secunia.com/advisories/17622 http://securitytracker.com/id?1015258 http://www.securityfocus.com/archive/1/417215 http://www.securityfocus.com/archive/1/426942/100/0/threaded http://www.securityfocus.com/archive/1/427196/100/0/threaded http://www.securityfocus.com/bid/15461 http://www.vupen.com/english/advi •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2

Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter. • https://www.exploit-db.com/exploits/22382 http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html http://www.securityfocus.com/bid/7135 https://exchange.xforce.ibmcloud.com/vulnerabilities/11601 •