33 matches found
EUVD-2008-7172
Malware in sbrugna...
EUVD-2008-7174
Malware in sbrugna...
EUVD-2008-7173
Malware in sbrugna...
Mambo Open Source 4.6.2 mambots/editors/mostlyce/ .. /php/connector.php Query String XSS
No description provided by source. source: http://www.securityfocus.com/bid/30708/info Mambo is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser o...
Mambo MostlyCE 4.5.4 HTMLTemplate.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20549/info Mambo MostlyCE is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the...
Mambo MOStlyCE Module 2.4 Image Manager Utility Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27472/info The MOStlyCE module for Mambo is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to uplo...
Mambo MOStlyCE 2.4 Module - 'connector.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/27470/info The MOStlyCE module for Mambo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
CVE-2008-7214
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as...
Command injection
The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivale...
Cross site scripting
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter...
CVE-2008-7215
The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified file[NewFile][name], file[NewFile][tmp_name], and file[NewFile][size] parameters in a FileUpload command, which are used to modify equivale...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as...
CVE-2008-7213
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter...
CVE-2008-7212
MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message...
Design/Logic Flaw
MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to obtain sensitive information via certain requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, which reveals the installation path in an error message...
CVE-2008-7215
The CVE-2008-7215 entry concerns MOStlyCE (MOStlyContent Editor) as used in Mambo 4.6.3 and earlier. The Image Manager of MOStlyCE before version 2.4 allows remote attackers to rename arbitrary files and trigger a denial of service by sending modified file[NewFile][name], file[NewFile][tmp_name],...
CVE-2008-7212
The CVE-2008-7212 vulnerability affects MOStlyCE before 2.4 used with Mambo 4.6.3 and earlier. It allows remote attackers to trigger error messages via requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, revealing the installation path. No exploitation...
CVE-2008-7214
Cross-site request forgery (CSRF) vulnerability in administrator/index2.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add new administrator accounts via the save task in a com_users action, as...
CVE-2008-7214
The CVE-2008-7214 entry describes a CSRF flaw in MOStlyCE before 2.4 (used in Mambo 4.6.3 and earlier) affecting administrator/index2.php. The vulnerability lets remote attackers hijack an administrator’s session to add new administrator accounts via the save task in a com_users action, with the ...
CVE-2008-7213
CVE-2008-7213 describes an XSS vulnerability in MOStlyCE (used with Mambo 4.6.3 and earlier) via the Command parameter in the PHP connector for TinyMCE filemanager (path: mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php). The issue arises in MOStlyCE before vers...