Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for mambo_cms by mambo-foundation
CVE-2011-2499 (GCVE-0-2011-2499)
Vulnerability from nvd – Published: 2020-02-12 19:09 – Updated: 2024-08-06 23:00
VLAI?
Summary
Mambo CMS through 4.6.5 has multiple XSS.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS",
"vendor": "Mambo",
"versions": [
{
"status": "affected",
"version": "through 4.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS through 4.6.5 has multiple XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T19:09:15.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "through 4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS through 4.6.5 has multiple XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2499",
"datePublished": "2020-02-12T19:09:15.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:33.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2565 (GCVE-0-2013-2565)
Vulnerability from nvd – Published: 2019-02-15 21:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
Severity ?
No CVSS data available.
CWE
- Mambo CMS vulnerabilities
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mambo CMS",
"vendor": "Mambo",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2012-01-02T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mambo CMS vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2012-01-02",
"ID": "CVE-2013-2565",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-11T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mambo CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mambo CMS vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/mambo/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/mambo/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=75",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-2565",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2564 (GCVE-0-2013-2564)
Vulnerability from nvd – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2564",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2563 (GCVE-0-2013-2563)
Vulnerability from nvd – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2563",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2562 (GCVE-0-2013-2562)
Vulnerability from nvd – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2562",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2499 (GCVE-0-2011-2499)
Vulnerability from cvelistv5 – Published: 2020-02-12 19:09 – Updated: 2024-08-06 23:00
VLAI?
Summary
Mambo CMS through 4.6.5 has multiple XSS.
Severity ?
No CVSS data available.
CWE
- XSS
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS",
"vendor": "Mambo",
"versions": [
{
"status": "affected",
"version": "through 4.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS through 4.6.5 has multiple XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T19:09:15.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "through 4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS through 4.6.5 has multiple XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2499",
"datePublished": "2020-02-12T19:09:15.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:33.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2565 (GCVE-0-2013-2565)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
Severity ?
No CVSS data available.
CWE
- Mambo CMS vulnerabilities
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Date Public ?
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mambo CMS",
"vendor": "Mambo",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2012-01-02T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mambo CMS vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2012-01-02",
"ID": "CVE-2013-2565",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-11T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mambo CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mambo CMS vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/mambo/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/mambo/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=75",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-2565",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2563 (GCVE-0-2013-2563)
Vulnerability from cvelistv5 – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2563",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2562 (GCVE-0-2013-2562)
Vulnerability from cvelistv5 – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2562",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2564 (GCVE-0-2013-2564)
Vulnerability from cvelistv5 – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2564",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}