7 matches found
EUVD-2006-4276
Malware in sbrugna...
Mambo A6Mambocredits 1.0 Remote File Inclusion
========================================================= Mambo Component coma6mambocredits RFI Vulnerability ========================================================= +Title : Mambo Component coma6mambocredits RFI Vulnerability +Software : A6Mambocredits 1.0 +Vendor : http://secunia.com/ +Downlo...
Mambo A6MamboCredits远程文件包含漏洞
Mambo A6MamboCredits是一款基于Mambo的应用模块。 Mambo A6MamboCredits不正确过滤用户提交的URI数据,远程攻击者可以利用漏洞以WEB进程权限执行任意命令。 问题是'admin.a6mambocredits.php'脚本对用户提交的'mosConfiglivesite'参数缺少过滤,提交恶意的远程服务器作为包含对象,可导致以WEB进程权限执行任意PHP代码。 active6 a6MamboCredits 1.0...
Mambo a6mambocredits Component 1.0.0 File Include Vulnerability
No description provided by source. Title : Mambo a6mambocredits component v1.0.0 == mosConfiglivesite Remote File Include Vulnerabilities Affected Application: Mambo a6mambocredits component v1.0.0 Mambo CMS Component . . : contact :...
Mambo A6MamboCredits 1.0 组件远程文件包含漏洞
A6MamboCredits是Mambo中的一个组件,用于在一个集中的页面显示组件的致谢信息。 A6MamboCredits组件在处理用户请求时存在输入验证漏洞,远程攻击者可能利用此漏洞在服务器上有Web进程权限执行任意命令。 模块的administrator/components/coma6mambocredits/admin.a6mambocredits.php脚本没有正确地验证mosConfigabsolutepath参数的输入,允许攻击者可以通过包含本地或外部资源的任意文件导致执行任意代码。成功攻击要求打开了registerglobals。 active6...
CVE-2006-4288
PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component coma6mambocredits 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfiglivesite parameter. NOTE: some of these details are obtained from third...
Mambo a6mambocredits Component 1.0.0 File Include Vulnerability
Exploit for unknown platform in category web applications =============================================================== Mambo a6mambocredits Component 1.0.0 File Include Vulnerability =============================================================== Title : Mambo a6mambocredits component v1.0.0 =...