CVE-2008-7212

The CVE-2008-7212 vulnerability affects MOStlyCE before 2.4 used with Mambo 4.6.3 and earlier. It allows remote attackers to trigger error messages via requests to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php, revealing the installation path. No exploitation...

CVE-2008-7215

The CVE-2008-7215 entry concerns MOStlyCE (MOStlyContent Editor) as used in Mambo 4.6.3 and earlier. The Image Manager of MOStlyCE before version 2.4 allows remote attackers to rename arbitrary files and trigger a denial of service by sending modified file[NewFile][name], file[NewFile][tmp_name],...

CVE-2008-7213

CVE-2008-7213 describes an XSS vulnerability in MOStlyCE (used with Mambo 4.6.3 and earlier) via the Command parameter in the PHP connector for TinyMCE filemanager (path: mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php). The issue arises in MOStlyCE before vers...

CVE-2008-7214

The CVE-2008-7214 entry describes a CSRF flaw in MOStlyCE before 2.4 (used in Mambo 4.6.3 and earlier) affecting administrator/index2.php. The vulnerability lets remote attackers hijack an administrator’s session to add new administrator accounts via the save task in a com_users action, with the ...