1915 matches found
CVE-2002-2288
Mambo Site Server 4.0.11 allows remote attackers to obtain the physical path of the server via an HTTP request to index.php with a parameter that does not exist, which causes the path to be leaked in an error message...
CVE-2002-1662
Multiple cross-site scripting XSS vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via 1 search.php and 2 the "Your name" field during account registration...
CVE-2002-2247
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function...
CVE-2002-2290
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges...
Multiple Mambo Site Server sec-weaknesses
=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::=:=:=::= topic: Multiple Mambo Site Server sec-weaknesses product: Mambo Site Server 4.0.11 vendor: http://sourceforge.org/projects/mambo risk: high date: 12/12/2k2 discovered by: euronymous /F0KP /HACKRU Team advisory urls:...
Mambo Site Server 4.0.11 - Full Path Disclosure
Mambo Site Server 4.0.11 - Full Path Disclosure source: https://www.securityfocus.com/bid/6387/info A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo scrip...
Mambo Site Server 4.0.11 - PHPInfo.php Information Disclosure
Mambo Site Server 4.0.11 - PHPInfo.php Information Disclosure source: https://www.securityfocus.com/bid/6376/info Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems. It has...
Mambo Site Server 4.0.11 - 'PHPInfo.php' Information Disclosure
source: https://www.securityfocus.com/bid/6376/info Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems. It has been reported that Mambo enables a script by default that may...
Mambo Site Server 4.0.11 - Full Path Disclosure
source: https://www.securityfocus.com/bid/6387/info A vulnerability has been discovered in Mambo Site Server. Requesting the 'index.php' script with an invalid parameter will cause an error page to be generated containing the path of the Mambo script. Information obtained by exploiting this issue...
CVE-2001-1011
The vulnerability affects Mambo Site Server versions 3.0.0–3.0.5 in index2.php. A flaw in session handling (PHPSESSID) allows remote attackers to gain Mambo administrator privileges by supplying the proper administrator parameters alongside the PHPSESSID. The provided sources consistently describ...
CVE-2001-1011
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters...
Неинициализированные PHP-переменные в Mambo Site Server (unauthorized access)
Классическая ошибка PHP позволяет неавторизованный административный доступ...
Serious security hole in Mambo Site Server version 3.0.X
Serious security hole in Mambo Site Server version 3.0.X Jul, 24 2001 by: Ismael Peinado Palomo - [email protected] www.reverseonline.com Summary Mambo Site Server is a dynamic portal engine and content management tool based on PHP and MySQL. Details Vulnerable systems: Mambo Site Serv...
mambo_advisorie.txt
Serious security hole in Mambo Site Server version 3.0.X Jul, 24 2001 by: Ismael Peinado Palomo - [email protected] www.reverseonline.com Summary Mambo Site Server is a dynamic portal engine and content management tool based on PHP and MySQL. Details Vulnerable systems: Mambo Site Serv...
CVE-2001-1011
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters...