Lucene search
+L

1915 matches found

NVD
NVD
added 2002/12/31 5:0 a.m.12 views

CVE-2002-2288

Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message...

5CVSS6.3AI score0.02013EPSS
Exploits1References3
NVD
NVD
added 2002/12/31 5:0 a.m.21 views

CVE-2002-1662

Multiple cross-site scripting XSS vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via 1 search.php and 2 the "Your name" field during account registration...

6.8CVSS6.3AI score0.01306EPSS
Exploits0References4
NVD
NVD
added 2002/12/31 5:0 a.m.15 views

CVE-2002-2247

The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function...

5CVSS6.2AI score0.02569EPSS
Exploits1References3
NVD
NVD
added 2002/12/31 5:0 a.m.15 views

CVE-2002-2290

Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges...

10CVSS7.1AI score0.01839EPSS
Exploits0References2
securityvulns
securityvulns
added 2002/12/14 12:0 a.m.43 views

Multiple Mambo Site Server sec-weaknesses

=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: Multiple Mambo Site Server sec-weaknesses product: Mambo Site Server 4.0.11 vendor: http://sourceforge.org/projects/mambo risk: high date: 12/12/2k2 discovered by: euronymous /F0KP /HACKRU Team advisory urls:...

6.7AI score
Exploits0
exploitpack
exploitpack
added 2002/12/12 12:0 a.m.11 views

Mambo Site Server 4.0.11 - Full Path Disclosure

Mambo Site Server 4.0.11 - Full Path Disclosure source: https://www.securityfocus.com/bid/6387/info A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo scrip...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2002/12/12 12:0 a.m.17 views

Mambo Site Server 4.0.11 - PHPInfo.php Information Disclosure

Mambo Site Server 4.0.11 - PHPInfo.php Information Disclosure source: https://www.securityfocus.com/bid/6376/info Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems. It has...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2002/12/12 12:0 a.m.32 views

Mambo Site Server 4.0.11 - 'PHPInfo.php' Information Disclosure

source: https://www.securityfocus.com/bid/6376/info Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems. It has been reported that Mambo enables a script by default that may...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2002/12/12 12:0 a.m.34 views

Mambo Site Server 4.0.11 - Full Path Disclosure

source: https://www.securityfocus.com/bid/6387/info A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script. Information obtained by exploiting this issue...

7AI score
Exploits0
CVE
CVE
added 2002/03/09 5:0 a.m.55 views

CVE-2001-1011

The vulnerability affects Mambo Site Server versions 3.0.0–3.0.5 in index2.php. A flaw in session handling (PHPSESSID) allows remote attackers to gain Mambo administrator privileges by supplying the proper administrator parameters alongside the PHPSESSID. The provided sources consistently describ...

10CVSS7.1AI score0.04425EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.24 views

CVE-2001-1011

index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters...

6.7AI score0.04425EPSS
Exploits1References5
securityvulns
securityvulns
added 2001/07/26 12:0 a.m.52 views

Неинициализированные PHP-переменные в Mambo Site Server (unauthorized access)

Классическая ошибка PHP позволяет неавторизованный административный доступ...

1.7AI score
Exploits0References1
securityvulns
securityvulns
added 2001/07/26 12:0 a.m.31 views

Serious security hole in Mambo Site Server version 3.0.X

Serious security hole in Mambo Site Server version 3.0.X Jul, 24 2001 by: Ismael Peinado Palomo - [email protected] www.reverseonline.com Summary Mambo Site Server is a dynamic portal engine and content management tool based on PHP and MySQL. Details Vulnerable systems: Mambo Site Serv...

7.6AI score
Exploits0
Packet Storm
Packet Storm
added 2001/07/26 12:0 a.m.20 views

mambo_advisorie.txt

Serious security hole in Mambo Site Server version 3.0.X Jul, 24 2001 by: Ismael Peinado Palomo - [email protected] www.reverseonline.com Summary Mambo Site Server is a dynamic portal engine and content management tool based on PHP and MySQL. Details Vulnerable systems: Mambo Site Serv...

7.4AI score
Exploits0
NVD
NVD
added 2001/07/25 4:0 a.m.14 views

CVE-2001-1011

index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters...

10CVSS6.7AI score0.04425EPSS
Exploits1References5
Rows per page
Query Builder