Filtered by vendor Mambo
Subscribe
Search
Total
123 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3738 | 1 Mambo | 1 Mambo Site Server | 2018-10-19 | 2.6 LOW | N/A |
| globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. | |||||
| CVE-2006-3262 | 1 Mambo | 1 Mambo | 2018-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | |||||
| CVE-2006-1956 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2018-10-18 | 5.0 MEDIUM | N/A |
| The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message. | |||||
| CVE-2006-4556 | 2 Joomla, Mambo | 2 Jim Component, Jim Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242. | |||||
| CVE-2006-4553 | 2 Joomla, Mambo | 2 Com Comprofiler Component, Com Comprofiler Component | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in plugin.class.php in the com_comprofiler Components 1.0 RC2 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4375 | 1 Mambo | 1 Contacts Xtd Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined. | |||||
| CVE-2006-4275 | 1 Mambo | 1 Catalogshop Component | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4270 | 1 Mambo | 1 Mambelfish Component | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4269 | 2 Joomla, Mambo | 2 X-shop Component, X-shop Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package. | |||||
| CVE-2006-4286 | 1 Mambo | 1 Mambo | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate. | |||||
| CVE-2006-4264 | 1 Mambo | 1 Mtg Myhomepage Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. NOTE: this issue has been disputed by a third party, who states that the $mosConfig_absolute_path variable is only used within a function definition. CVE source code analysis on 20060824 is not conclusive but tends to concur with the dispute. In addition, it appears that the component name is actually "lmtg_myhomepage". | |||||
| CVE-2006-4229 | 2 Joomla, Mambo | 2 Moslistmessenger Component, Moslistmessenger Component | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4280 | 1 Mambo | 1 Anjel Component | 2018-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file. | |||||
| CVE-2006-3980 | 1 Mambo | 1 Mambo Gallery Manager | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_mgm/help.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3947 | 1 Mambo | 1 Mambatstaff | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in components/com_mambatstaff/mambatstaff.php in the Mambatstaff 3.1b and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3949 | 1 Mambo | 1 Artlinks Component | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3843 | 1 Mambo | 1 Mambo Calendar | 2018-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in com_calendar.php in Calendar Mambo Module 1.5.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter. | |||||
| CVE-2006-3846 | 1 Mambo | 1 Mambo Multibanners | 2018-10-17 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2196 | 2 Joomla, Mambo | 2 Jambook, Jambook | 2018-10-16 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** PHP remote file inclusion vulnerability in jambook.php in the Jambook (com_Jambook) 1.0 beta7 module for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a reliable third party because the jambook.php protects against direct request. | |||||
| CVE-2007-0374 | 2 Joomla, Mambo | 2 Joomla, Mambo | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. | |||||
| CVE-2006-7149 | 1 Mambo | 1 Mambo | 2018-10-16 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string in an error message from mod_login.php; and the (2) mcname parameter to (b) moscomment.php and (c) com_comment.php. | |||||
| CVE-2006-7150 | 1 Mambo | 1 Mambo Open Source | 2018-10-16 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php. | |||||
| CVE-2008-0854 | 2 Joomla, Mambo | 2 Com Salesrep, Com Salesrep | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. | |||||
| CVE-2008-0855 | 2 Joomla, Mambo | 2 Com Facileforms, Com Facileforms | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-0849 | 2 Joomla, Mambo | 2 Com Downloads, Com Downloads | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652. | |||||
| CVE-2008-0810 | 2 Joomla, Mambo | 2 Com Scheduling Component, Com Scheduling Component | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_scheduling module for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2008-0817 | 2 Joomla, Mambo | 2 Com Filebase Component, Com Filebase Component | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. | |||||
| CVE-2008-0853 | 2 Joomla, Mambo | 2 Com Detail, Com Detail | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it should not be included in CVE. | |||||
| CVE-2007-6455 | 1 Mambo | 1 Mambo | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | |||||
| CVE-2007-4456 | 2 Mambo, Parkview Consultants | 2 Mambo, Simplefaq | 2018-10-15 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the SimpleFAQ (com_simplefaq) 2.11 component for Mambo allows remote attackers to execute arbitrary SQL commands via the aid parameter. NOTE: it was later reported that 2.40 is also affected, and that the component can be used in Joomla! in addition to Mambo. | |||||
| CVE-2007-4203 | 1 Mambo | 1 Mambo Open Source | 2018-10-15 | 9.3 HIGH | N/A |
| Session fixation vulnerability in Mambo 4.6.2 CMS allows remote attackers to hijack web sessions by setting the Cookie parameter. | |||||
| CVE-2008-4777 | 2 Joomla, Mambo | 3 Com Lms, Joomla, Mambo | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task. | |||||
| CVE-2008-3712 | 1 Mambo | 1 Mambo | 2018-10-11 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php. | |||||
| CVE-2008-1137 | 2 Joomla, Mambo | 2 Com Garyscookbook, Com Garyscookbook | 2018-10-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) 1.1.1 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. | |||||
| CVE-2009-0730 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2018-10-10 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726. | |||||
| CVE-2006-3773 | 1 Mambo | 1 Smf-forum | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in smf.php in the SMF-Forum 1.3.1.3 Bridge Component (com_smf) For Joomla! and Mambo 4.5.3+ allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3749 | 1 Mambo | 1 Sitemap | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap component (com_sitemap) 2.0.0 for Mambo 4.5.1 CMS, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-3736 | 1 Mambo | 1 Videodb | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4296 | 1 Mambo | 1 Bigape-backup Component | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter. | |||||
| CVE-2006-4288 | 1 Mambo | 1 A6mambocredits Component | 2017-10-19 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2006-3962 | 1 Mambo | 1 Bayesiannaivefilter | 2017-10-19 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2007-2005 | 2 Joomla, Mambo | 2 Taskhopper Component, Taskhopper Component | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2) itemstatus_type.php, (3) projectstatus_type.php, (4) request_type.php, (5) responses_type.php, (6) timelog_type.php, or (7) urgency_type.php in inc/. | |||||
| CVE-2007-2049 | 1 Mambo | 1 Mambo Calendar | 2017-10-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Calendar Module (com_calendar) 1.5.5 for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) com_calendar.php or (2) mod_calendar.php. | |||||
| CVE-2007-1699 | 2 Joomla, Mambo | 2 Swmenu Component, Swmenu Component | 2017-10-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the SWmenu (com_swmenupro and com_swmenufree) 4.0 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to ImageManager/Classes/ImageManager.php under the (1) components/ or (2) administrator/components/ directory trees. | |||||
| CVE-2007-1596 | 2 Joomla, Mambo | 2 Nfn Address Book, Nfn Address Book | 2017-10-11 | 9.3 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) components/com_nfn_addressbook/nfnaddressbook.php or (2) administrator/components/com_nfn_addressbook/nfnaddressbook.php. | |||||
| CVE-2007-1702 | 1 Mambo | 1 Flatmenu | 2017-10-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in mod_flatmenu.php in the Flatmenu 1.07 and earlier Mambo module allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | |||||
| CVE-2001-1011 | 1 Mambo | 1 Mambo Site Server | 2017-10-10 | 10.0 HIGH | N/A |
| index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters. | |||||
| CVE-2008-6653 | 3 Joomla, Mambo, Wh-com | 3 Joomla, Mambo, Com Webhosting | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. | |||||
| CVE-2008-6814 | 2 Jan De Graaff, Mambo | 2 Com Simpleboard, Mambo | 2017-09-29 | 6.8 MEDIUM | N/A |
| Unrestricted file upload vulnerability in image_upload.php in the SimpleBoard (com_simpleboard) component 1.0.1 and earlier for Mambo allows remote attackers to execute arbitrary code by uploading a file with an executable extension and an image/jpeg content type, then accessing this file via a direct request to the file in components/com_simpleboard/, a different vulnerability than CVE-2006-3528. | |||||
| CVE-2009-0726 | 3 Gigcalendar, Joomla, Mambo | 3 Com Gigcalendar, Joomla, Mambo | 2017-09-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the gigcal_gigs_id parameter in a details action to index.php. | |||||