7 matches found
EUVD-2006-0875
Malware in sbrugna...
CVE-2006-3773
The CVE-2006-3773 entry describes a PHP remote file inclusion in the SMF-Forum Bridge component (com_smf) used by SMF-Forum 1.3.1.3 for Joomla! and Mambo 4.5.3+. The vulnerability stems from the mosConfig_absolute_path parameter, which can be supplied via a URL to cause arbitrary PHP code executi...
CVE-2006-1794
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via 1 the $username variable in the mosGetParam function and 2 the $task parameter in the mosMenuCheck function in a includes/mambo.php; and 3 the $filter...
Sql injection
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via 1 the $username variable in the mosGetParam function and 2 the $task parameter in the mosMenuCheck function in a includes/mambo.php; and 3 the $filter...
CVE-2006-1794
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via 1 the $username variable in the mosGetParam function and 2 the $task parameter in the mosMenuCheck function in a includes/mambo.php; and 3 the $filter...
Directory traversal
Directory traversal vulnerability in the setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the moschangetemplate parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector...
CVE-2006-0871
CVE-2006-0871 (Mambo 4.5.3/4.5.3h and earlier): directory traversal in _setTemplate via mos_change_template parameter could allow remote reading of arbitrary files. Related entries note an updated Mambo release; exploits reference local file inclusion/remote impact in multiple components. CVE-200...