Search criteria
21 vulnerabilities found for mambo_site_server by mambo
CVE-2002-2290 (GCVE-0-2002-2290)
Vulnerability from cvelistv5 – Published: 2007-10-18 10:00 – Updated: 2024-08-08 03:59
VLAI?
Summary
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mambo-default-admin-password(10857)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10857"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mambo-default-admin-password(10857)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10857"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-default-admin-password(10857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10857"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2290",
"datePublished": "2007-10-18T10:00:00",
"dateReserved": "2007-10-17T00:00:00",
"dateUpdated": "2024-08-08T03:59:11.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2247 (GCVE-0-2002-2247)
Vulnerability from cvelistv5 – Published: 2007-10-14 20:00 – Updated: 2024-08-08 03:59
VLAI?
Summary
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mambo-phpinfo-disclose-path(10853)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "6376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6376"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mambo-phpinfo-disclose-path(10853)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "6376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6376"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-phpinfo-disclose-path(10853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "6376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6376"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2247",
"datePublished": "2007-10-14T20:00:00",
"dateReserved": "2007-10-14T00:00:00",
"dateUpdated": "2024-08-08T03:59:11.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4745 (GCVE-0-2007-4745)
Vulnerability from cvelistv5 – Published: 2007-09-06 22:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37533"
},
{
"name": "25576",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt"
},
{
"name": "26706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26706"
},
{
"name": "3101",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3101"
},
{
"name": "ADV-2007-3080",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3080"
},
{
"name": "akobook-gb-xss(36471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37533"
},
{
"name": "25576",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt"
},
{
"name": "26706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26706"
},
{
"name": "3101",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3101"
},
{
"name": "ADV-2007-3080",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3080"
},
{
"name": "akobook-gb-xss(36471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37533",
"refsource": "OSVDB",
"url": "http://osvdb.org/37533"
},
{
"name": "25576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25576"
},
{
"name": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt",
"refsource": "MISC",
"url": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt"
},
{
"name": "26706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26706"
},
{
"name": "3101",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3101"
},
{
"name": "ADV-2007-3080",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3080"
},
{
"name": "akobook-gb-xss(36471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4745",
"datePublished": "2007-09-06T22:00:00",
"dateReserved": "2007-09-06T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3738 (GCVE-0-2005-3738)
Vulnerability from cvelistv5 – Published: 2005-11-22 11:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060307 PHP-based CMS mass-exploitation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded"
},
{
"name": "15461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15461"
},
{
"name": "17622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.mamboserver.com/showthread.php?t=66154"
},
{
"name": "1015258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015258"
},
{
"name": "20051116 mambo remote code sexecution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html"
},
{
"name": "20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded"
},
{
"name": "20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417215"
},
{
"name": "ADV-2005-2473",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060307 PHP-based CMS mass-exploitation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded"
},
{
"name": "15461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15461"
},
{
"name": "17622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.mamboserver.com/showthread.php?t=66154"
},
{
"name": "1015258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015258"
},
{
"name": "20051116 mambo remote code sexecution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html"
},
{
"name": "20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded"
},
{
"name": "20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417215"
},
{
"name": "ADV-2005-2473",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2473"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060307 PHP-based CMS mass-exploitation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded"
},
{
"name": "15461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15461"
},
{
"name": "17622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17622"
},
{
"name": "http://forum.mamboserver.com/showthread.php?t=66154",
"refsource": "CONFIRM",
"url": "http://forum.mamboserver.com/showthread.php?t=66154"
},
{
"name": "1015258",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015258"
},
{
"name": "20051116 mambo remote code sexecution",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html"
},
{
"name": "20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded"
},
{
"name": "20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417215"
},
{
"name": "ADV-2005-2473",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3738",
"datePublished": "2005-11-22T11:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1662 (GCVE-0-2002-1662)
Vulnerability from cvelistv5 – Published: 2005-05-19 04:00 – Updated: 2024-08-08 03:34
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:55.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mambo-name-field-xss(10859)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
},
{
"name": "6386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6386"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "mambo-search-xss(10854)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the \"Your name\" field during account registration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mambo-name-field-xss(10859)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
},
{
"name": "6386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6386"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "mambo-search-xss(10854)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the \"Your name\" field during account registration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-name-field-xss(10859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
},
{
"name": "6386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6386"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "mambo-search-xss(10854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1662",
"datePublished": "2005-05-19T04:00:00",
"dateReserved": "2005-05-19T00:00:00",
"dateUpdated": "2024-08-08T03:34:55.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1203 (GCVE-0-2003-1203)
Vulnerability from cvelistv5 – Published: 2005-05-19 04:00 – Updated: 2024-08-08 02:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030318 Some XSS vulns",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"name": "7135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7135"
},
{
"name": "mambo-option-index-xss(11601)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030318 Some XSS vulns",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"name": "7135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7135"
},
{
"name": "mambo-option-index-xss(11601)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030318 Some XSS vulns",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"name": "7135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7135"
},
{
"name": "mambo-option-index-xss(11601)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1203",
"datePublished": "2005-05-19T04:00:00",
"dateReserved": "2005-05-19T00:00:00",
"dateUpdated": "2024-08-08T02:19:45.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1011 (GCVE-0-2001-1011)
Vulnerability from cvelistv5 – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mambo-phpsessid-gain-privileges(6910)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz"
},
{
"name": "20010725 Serious security hole in Mambo Site Server version 3.0.X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html"
},
{
"name": "1911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1911"
},
{
"name": "3093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mambo-phpsessid-gain-privileges(6910)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz"
},
{
"name": "20010725 Serious security hole in Mambo Site Server version 3.0.X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html"
},
{
"name": "1911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1911"
},
{
"name": "3093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-phpsessid-gain-privileges(6910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6910"
},
{
"name": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz",
"refsource": "CONFIRM",
"url": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz"
},
{
"name": "20010725 Serious security hole in Mambo Site Server version 3.0.X",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html"
},
{
"name": "1911",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1911"
},
{
"name": "3093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1011",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2290 (GCVE-0-2002-2290)
Vulnerability from nvd – Published: 2007-10-18 10:00 – Updated: 2024-08-08 03:59
VLAI?
Summary
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.347Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mambo-default-admin-password(10857)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10857"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mambo-default-admin-password(10857)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10857"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-default-admin-password(10857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10857"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2290",
"datePublished": "2007-10-18T10:00:00",
"dateReserved": "2007-10-17T00:00:00",
"dateUpdated": "2024-08-08T03:59:11.347Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-2247 (GCVE-0-2002-2247)
Vulnerability from nvd – Published: 2007-10-14 20:00 – Updated: 2024-08-08 03:59
VLAI?
Summary
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:59:11.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mambo-phpinfo-disclose-path(10853)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "6376",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6376"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mambo-phpinfo-disclose-path(10853)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "6376",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6376"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-phpinfo-disclose-path(10853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "6376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6376"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-2247",
"datePublished": "2007-10-14T20:00:00",
"dateReserved": "2007-10-14T00:00:00",
"dateUpdated": "2024-08-08T03:59:11.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4745 (GCVE-0-2007-4745)
Vulnerability from nvd – Published: 2007-09-06 22:00 – Updated: 2024-08-07 15:08
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:08:33.870Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37533"
},
{
"name": "25576",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25576"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt"
},
{
"name": "26706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26706"
},
{
"name": "3101",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3101"
},
{
"name": "ADV-2007-3080",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3080"
},
{
"name": "akobook-gb-xss(36471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36471"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-09-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37533",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37533"
},
{
"name": "25576",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25576"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt"
},
{
"name": "26706",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26706"
},
{
"name": "3101",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3101"
},
{
"name": "ADV-2007-3080",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3080"
},
{
"name": "akobook-gb-xss(36471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36471"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37533",
"refsource": "OSVDB",
"url": "http://osvdb.org/37533"
},
{
"name": "25576",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25576"
},
{
"name": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt",
"refsource": "MISC",
"url": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt"
},
{
"name": "26706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26706"
},
{
"name": "3101",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3101"
},
{
"name": "ADV-2007-3080",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3080"
},
{
"name": "akobook-gb-xss(36471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36471"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4745",
"datePublished": "2007-09-06T22:00:00",
"dateReserved": "2007-09-06T00:00:00",
"dateUpdated": "2024-08-07T15:08:33.870Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3738 (GCVE-0-2005-3738)
Vulnerability from nvd – Published: 2005-11-22 11:00 – Updated: 2024-08-07 23:24
VLAI?
Summary
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:24:36.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060307 PHP-based CMS mass-exploitation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded"
},
{
"name": "15461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15461"
},
{
"name": "17622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17622"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://forum.mamboserver.com/showthread.php?t=66154"
},
{
"name": "1015258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015258"
},
{
"name": "20051116 mambo remote code sexecution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html"
},
{
"name": "20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded"
},
{
"name": "20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/417215"
},
{
"name": "ADV-2005-2473",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2473"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060307 PHP-based CMS mass-exploitation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded"
},
{
"name": "15461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15461"
},
{
"name": "17622",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17622"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://forum.mamboserver.com/showthread.php?t=66154"
},
{
"name": "1015258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015258"
},
{
"name": "20051116 mambo remote code sexecution",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html"
},
{
"name": "20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded"
},
{
"name": "20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/417215"
},
{
"name": "ADV-2005-2473",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2473"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060307 PHP-based CMS mass-exploitation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded"
},
{
"name": "15461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15461"
},
{
"name": "17622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17622"
},
{
"name": "http://forum.mamboserver.com/showthread.php?t=66154",
"refsource": "CONFIRM",
"url": "http://forum.mamboserver.com/showthread.php?t=66154"
},
{
"name": "1015258",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015258"
},
{
"name": "20051116 mambo remote code sexecution",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html"
},
{
"name": "20060308 RE: [Full-disclosure] PHP-based CMS mass-exploitation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded"
},
{
"name": "20051118 Mambo 0day Exploit out in the wild - mambo/skype hacked",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417215"
},
{
"name": "ADV-2005-2473",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2473"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3738",
"datePublished": "2005-11-22T11:00:00",
"dateReserved": "2005-11-22T00:00:00",
"dateUpdated": "2024-08-07T23:24:36.420Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1662 (GCVE-0-2002-1662)
Vulnerability from nvd – Published: 2005-05-19 04:00 – Updated: 2024-08-08 03:34
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:34:55.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mambo-name-field-xss(10859)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
},
{
"name": "6386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6386"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "mambo-search-xss(10854)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the \"Your name\" field during account registration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mambo-name-field-xss(10859)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
},
{
"name": "6386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6386"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "mambo-search-xss(10854)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the \"Your name\" field during account registration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-name-field-xss(10859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
},
{
"name": "6386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6386"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "mambo-search-xss(10854)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1662",
"datePublished": "2005-05-19T04:00:00",
"dateReserved": "2005-05-19T00:00:00",
"dateUpdated": "2024-08-08T03:34:55.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1203 (GCVE-0-2003-1203)
Vulnerability from nvd – Published: 2005-05-19 04:00 – Updated: 2024-08-08 02:19
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:45.876Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030318 Some XSS vulns",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"name": "7135",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7135"
},
{
"name": "mambo-option-index-xss(11601)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-03-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030318 Some XSS vulns",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"name": "7135",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7135"
},
{
"name": "mambo-option-index-xss(11601)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030318 Some XSS vulns",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"name": "7135",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7135"
},
{
"name": "mambo-option-index-xss(11601)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1203",
"datePublished": "2005-05-19T04:00:00",
"dateReserved": "2005-05-19T00:00:00",
"dateUpdated": "2024-08-08T02:19:45.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1011 (GCVE-0-2001-1011)
Vulnerability from nvd – Published: 2002-03-09 05:00 – Updated: 2024-08-08 04:37
VLAI?
Summary
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:37:07.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mambo-phpsessid-gain-privileges(6910)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6910"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz"
},
{
"name": "20010725 Serious security hole in Mambo Site Server version 3.0.X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html"
},
{
"name": "1911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/1911"
},
{
"name": "3093",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3093"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-06T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mambo-phpsessid-gain-privileges(6910)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6910"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz"
},
{
"name": "20010725 Serious security hole in Mambo Site Server version 3.0.X",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html"
},
{
"name": "1911",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/1911"
},
{
"name": "3093",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3093"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1011",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-phpsessid-gain-privileges(6910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6910"
},
{
"name": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz",
"refsource": "CONFIRM",
"url": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz"
},
{
"name": "20010725 Serious security hole in Mambo Site Server version 3.0.X",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html"
},
{
"name": "1911",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1911"
},
{
"name": "3093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3093"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1011",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2002-01-31T00:00:00",
"dateUpdated": "2024-08-08T04:37:07.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2007-4745
Vulnerability from fkie_nvd - Published: 2007-09-06 22:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| joomla | akobook | 3.42 | |
| mambo | mambo_site_server | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:akobook:3.42:*:*:*:*:*:*:*",
"matchCriteriaId": "55DA99A1-78F5-43FF-9079-3BC880D69CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "99FF2031-A22B-43A8-80FD-1161D63E2C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el componente AkoBook 3.42 y versiones anteriores (com_akobook) para Mambo, permiten a atacantes remotos la inyecci\u00f3n de secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de eventos de Javascript en los par\u00e1metros (1) gbmail y (2) gbpage en la funci\u00f3n sign."
}
],
"id": "CVE-2007-4745",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-09-06T22:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37533"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26706"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3101"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25576"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3080"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37533"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://trew.icenetx.net/toolz/advisory-mambo-akobook-en.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3738
Vulnerability from fkie_nvd - Published: 2005-11-22 11:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo | mambo_site_server | 4.0 | |
| mambo | mambo_site_server | 4.0.10 | |
| mambo | mambo_site_server | 4.0.11 | |
| mambo | mambo_site_server | 4.0.12 | |
| mambo | mambo_site_server | 4.0.12_beta | |
| mambo | mambo_site_server | 4.0.12_beta_2 | |
| mambo | mambo_site_server | 4.0.12_rc1 | |
| mambo | mambo_site_server | 4.0.12_rc2 | |
| mambo | mambo_site_server | 4.0.12_rc3 | |
| mambo | mambo_site_server | 4.0.14 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE4760B9-54F5-493C-A11E-B77DA6EC6C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99A44A-B0C5-4C4F-A2C5-E887A50D524A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB5F323-A895-4392-8801-17A91A3DF23A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E0ED5902-9239-426B-BAE1-43B0B81D3698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta:*:*:*:*:*:*:*",
"matchCriteriaId": "8D336F35-29A5-4937-AFD9-A270FBBCAF41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_beta_2:*:*:*:*:*:*:*",
"matchCriteriaId": "99ECD749-5ACB-4322-9176-E2818A375507",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "93111FE2-AB73-41D4-96B8-6C6FD1C36708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FA85FE-1057-4BA8-B706-7590290E7BA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.12_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "C4800B71-007D-41C8-8450-EF06D7920E50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "DE093E4B-37EB-4DB9-A6BD-5C22251E6F88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion."
},
{
"lang": "es",
"value": "globals.php en Mambo Site Server 4.0.14 y anteriores, cuando \"register_globals\" est\u00e1 desactivado, permite a atacantes remotos sobreescribir variables mediante el \u0027array\u0027 \"GLOBALS\" y llevar a cabo varios ataques, como se ha demostrado usando el par\u00e1metro \"mosConfig_absolute_path\" de content.html.php para inclusi\u00f3n remota de PHP."
}
],
"id": "CVE-2005-3738",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-22T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html"
},
{
"source": "cve@mitre.org",
"url": "http://forum.mamboserver.com/showthread.php?t=66154"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17622"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015258"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/417215"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15461"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0520.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.mamboserver.com/showthread.php?t=66154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17622"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/archive/1/417215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/426942/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/427196/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2473"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-1203
Vulnerability from fkie_nvd - Published: 2003-03-18 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo | mambo_site_server | 4.0.10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DD99A44A-B0C5-4C4F-A2C5-E887A50D524A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter."
}
],
"id": "CVE-2003-1203",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-18T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/7135"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-03/0275.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/7135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11601"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-1662
Vulnerability from fkie_nvd - Published: 2002-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo | mambo_site_server | 4.0.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB5F323-A895-4392-8801-17A91A3DF23A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the \"Your name\" field during account registration."
}
],
"id": "CVE-2002-1662",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6386"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/6386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10854"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10859"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-2290
Vulnerability from fkie_nvd - Published: 2002-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo | mambo_site_server | 4.0.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB5F323-A895-4392-8801-17A91A3DF23A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges."
}
],
"id": "CVE-2002-2290",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10857"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10857"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2002-2247
Vulnerability from fkie_nvd - Published: 2002-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo | mambo_site_server | 4.0.11 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:4.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB5F323-A895-4392-8801-17A91A3DF23A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function."
}
],
"id": "CVE-2002-2247",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/6376"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/6376"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2001-1011
Vulnerability from fkie_nvd - Published: 2001-07-25 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mambo | mambo_site_server | 3.0 | |
| mambo | mambo_site_server | 3.0.1 | |
| mambo | mambo_site_server | 3.0.2 | |
| mambo | mambo_site_server | 3.0.3 | |
| mambo | mambo_site_server | 3.0.4 | |
| mambo | mambo_site_server | 3.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "677FC209-BD49-4331-9723-DEDE4F8BC20D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "758CAFF4-10F3-49A6-98DA-B043F3E9EF12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FE13A8C-F380-4925-AC25-A3980D52C7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E8B61B-0761-40FC-99FF-58BC8725FE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:3.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0B499138-1060-4FF5-B6B7-C6326CAF9411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mambo:mambo_site_server:3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "61F070B7-A0A3-43FD-8D9C-98798F1E8286",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters."
}
],
"id": "CVE-2001-1011",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-25T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html"
},
{
"source": "cve@mitre.org",
"url": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/1911"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3093"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6910"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/1911"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/3093"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6910"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}