6 matches found
Mambo MOStlyCE 2.4 Module - 'connector.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27470/info The MOStlyCE module for Mambo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Mambo 4.6.3 arbitrary file upload
Step 1 Using post method send file to: http://victim.com/mambo4.6.5/mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php?Command=FileUpload file should have one of the following extensions: zip, doc, xls, pdf, rtf, csv, jpg, gif, jpeg, png, avi, mpg, mpeg, swf, fla...
Mambo 4.6.3 Arbitrary File Upload
Step 1 Using post method send file to: http://victim.com/mambo4.6.5/mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php?Command=FileUpload file should have one of the following extensions: zip, doc, xls, pdf, rtf, csv, jpg, gif, jpeg, png, avi, mpg, mpeg, swf, fla...
CVE-2008-7213
Cross-site scripting XSS vulnerability in mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter...
CVE-2008-7213
CVE-2008-7213 describes an XSS vulnerability in MOStlyCE (used with Mambo 4.6.3 and earlier) via the Command parameter in the PHP connector for TinyMCE filemanager (path: mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php). The issue arises in MOStlyCE before vers...
CVE-2008-7214
Cross-site request forgery CSRF vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a comusers action, as...