Vulnerabilities > Mambo
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-01-31 | CVE-2008-0515 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in index.php in the musepoes (com_musepoes) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an answer action. | 7.5 |
2008-01-31 | CVE-2008-0514 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action. | 7.5 |
2008-01-31 | CVE-2008-0511 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in index.php in the MaMML (com_mamml) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | 7.5 |
2008-01-31 | CVE-2008-0510 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in index.php in the Newsletter (com_newsletter) component for Mambo 4.5 and Joomla! allows remote attackers to execute arbitrary SQL commands via the listid parameter. | 7.5 |
2008-01-15 | CVE-2008-0261 | Resource Management Errors vulnerability in Mambo Open Source: Unspecified vulnerability in the search component and module in Mambo 4.5.x and 4.6.x allows remote attackers to cause a denial of service (query flood) via unspecified vectors. | 5.0 |
2007-12-20 | CVE-2007-6455 | Cross-Site Scripting vulnerability in Mambo 4.6.2: Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter. | 4.3 |
2007-10-11 | CVE-2007-5362 | Code Injection vulnerability in multiple products: Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde Solutions MOSMedia Lite (com_mosmedia) 4.5.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) credits.html.php, (2) info.html.php, (3) media.divs.php, (4) media.divs.js.php, (5) purchase.html.php, or (6) support.html.php in includes/. | 6.8 |
2007-10-03 | CVE-2007-5177 | SQL Injection vulnerability in multiple products: SQL injection vulnerability in index.php in the MambAds (com_mambads) 1.5 and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the caid parameter. | 7.5 |
2007-09-06 | CVE-2007-4745 | Cross-Site Scripting vulnerability in multiple products: Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via JavaScript events in the (1) gbmail and (2) gbpage parameters in the sign function. | 4.3 |
2007-08-23 | CVE-2007-4505 | SQL-Injection vulnerability in Mambo: SQL injection vulnerability in index.php in the RemoSitory component (com_remository) for Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat action. | 7.5 |