26 results (0.016 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

Mambo CMS through 4.6.5 has multiple XSS. Mambo CMS versiones hasta 4.6.5, presenta múltiples vulnerabilidades de tipo XSS. • https://www.openwall.com/lists/oss-security/2011/06/28/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. Una vulnerabilidad en Mambo CMS v4.6.5 en la que los scripts thumbs.php, editorFrame.php, editor.php, images.php y manager.php divulgan la ruta root del servidor web. • http://sourceforge.net/projects/mambo http://www.vapidlabs.com/advisory.php?v=75 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 2

Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file. Mambo CMS 4.6.5 utiliza permisos de lectura universal en configuration.php, lo que permite a usuarios locales obtener el hash de contraseña de administración mediante la lectura del fichero. • http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt http://seclists.org/oss-sec/2013/q1/689 http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 2

Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors. Mambo CMS 4.6.5 almacena la contraseña de la base de datos MySQL en texto claro en el root del documento, lo que permite a uausrios locales obtener información sensible a través de vectores no especificados. • http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt http://seclists.org/oss-sec/2013/q1/689 http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html • CWE-255: Credentials Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 2

Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file. Mambo CMS 4.6.5 permite a atacantes remotos causar una denegación de servicio (consumo de memoria y ancho de banda) mediante la subida de un fichero manipulado. • http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt http://seclists.org/oss-sec/2013/q1/689 http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html • CWE-399: Resource Management Errors •