CVE-2008-7215
The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to rename arbitrary files and cause a denial of service via modified fileNewFilename, fileNewFiletmpname, and fileNewFilesize parameters in a FileUpload command, which are used to modify equivale...
CVE-2008-7213
Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter...
CVE-2008-2500
MOStlyContent Editor (MOStlyCE) for Mambo, prior to version 3.0, is affected by a Cross-site Scripting (XSS) vulnerability. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The documents do not specify affected build numbers beyond “before 3.0,” no...
CVE-2008-2500
Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor (MOStlyCE) component before 3.0 for Mambo allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload
source: https://www.securityfocus.com/bid/27472/info The MOStlyCE module for Mambo is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue could allow an attacker to upload and execute arbitrary script co...
Mambo Module MOStlyCE 2.4 - connector.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/27470/info The MOStlyCE module for Mambo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this...
Mambo Module MOStlyCE 2.4 Image Manager Utility - Arbitrary File Upload
source: https://www.securityfocus.com/bid/27472/info The MOStlyCE module for Mambo is prone to an arbitrary-file-upload vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this...
Mambo Module MOStlyCE 2.4 - 'connector.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27470/info The MOStlyCE module for Mambo is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Mambo MOStlyCE Mambot Arbitrary File Rename
The remote host is running MOStlyContent Editor (MOStlyCE), the default WYSIWYG editor for Mambo. The version of MOStlyCE installed on the remote host contains a design flaw that may allow an attacker to rename files subject to the privileges of the web server user id. An unauthenticated attacker m...
CVE-2006-7104
PHP remote file inclusion vulnerability in htmltemplate.php in the Chad Auld MOStlyContent Editor (MOStlyCE) as created on May 2006, a component for Mambo 4.5.4, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...
CVE-2006-7104
The CVE-2006-7104 entry describes a PHP remote file inclusion vulnerability in MOStlyContent Editor (MOStlyCE) for Mambo 4.5.4. The flaw is in htmltemplate.php where remote code execution is possible via a URL supplied to the mosConfig_absolute_path parameter, enabling an attacker to run arbitrar...
Mambo Module MOStlyCE 4.5.4 - HTMLTemplate.php Remote File Inclusion
source: https://www.securityfocus.com/bid/20549/info Mambo MostlyCE is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to...
Mambo Module MOStlyCE 4.5.4 - 'HTMLTemplate.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/20549/info Mambo MostlyCE is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to compromise the application and the underlying system; other attacks ar...