Lucene search
K

6 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

Mambo MOStlyCE 2.4 Module - 'connector.php' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27470/info The MOStlyCE module for Mambo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2009/09/21 12:0 a.m.119 views

Mambo 4.6.3 arbitrary file upload

Step 1 Using post method send file to: http://victim.com/mambo4.6.5/mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php?Command=FileUpload file should have one of the following extensions: zip, doc, xls, pdf, rtf, csv, jpg, gif, jpeg, png, avi, mpg, mpeg, swf, fla...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2009/09/21 12:0 a.m.33 views

Mambo 4.6.3 Arbitrary File Upload

Step 1 Using post method send file to: http://victim.com/mambo4.6.5/mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php?Command=FileUpload file should have one of the following extensions: zip, doc, xls, pdf, rtf, csv, jpg, gif, jpeg, png, avi, mpg, mpeg, swf, fla...

0.1AI score
Exploits0
NVD
NVD
added 2009/09/11 4:30 p.m.13 views

CVE-2008-7213

Cross-site scripting XSS vulnerability in mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter...

4.3CVSS5.8AI score0.02152EPSS
Exploits1References9
CVE
CVE
added 2009/09/11 4:0 p.m.46 views

CVE-2008-7213

CVE-2008-7213 describes an XSS vulnerability in MOStlyCE (used with Mambo 4.6.3 and earlier) via the Command parameter in the PHP connector for TinyMCE filemanager (path: mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php). The issue arises in MOStlyCE before vers...

4.3CVSS6AI score0.02152EPSS
Exploits1References9Affected Software2
Cvelist
Cvelist
added 2009/09/11 4:0 p.m.22 views

CVE-2008-7214

Cross-site request forgery CSRF vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a comusers action, as...

6.5AI score0.00749EPSS
Exploits1References8
Rows per page
Query Builder