Search
Find a vulnerability
Search criteria
10 vulnerabilities found for mambo_cms by mambo-foundation
CVE-2011-2499 (GCVE-0-2011-2499)
Vulnerability from nvd – Published: 2020-02-12 19:09 – Updated: 2024-08-06 23:00
VLAI
Summary
Mambo CMS through 4.6.5 has multiple XSS.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS",
"vendor": "Mambo",
"versions": [
{
"status": "affected",
"version": "through 4.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS through 4.6.5 has multiple XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T19:09:15.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "through 4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS through 4.6.5 has multiple XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2499",
"datePublished": "2020-02-12T19:09:15.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:33.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2565 (GCVE-0-2013-2565)
Vulnerability from nvd – Published: 2019-02-15 21:00 – Updated: 2024-08-06 15:44
VLAI
Summary
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
Severity
No CVSS data available.
CWE
- Mambo CMS vulnerabilities
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://sourceforge.net/projects/mambo/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=75 | x_refsource_MISC |
Impacted products
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mambo CMS",
"vendor": "Mambo",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2012-01-02T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mambo CMS vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2012-01-02",
"ID": "CVE-2013-2565",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-11T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mambo CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mambo CMS vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/mambo/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/mambo/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=75",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-2565",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2564 (GCVE-0-2013-2564)
Vulnerability from nvd – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q1/689 | mailing-listx_refsource_MLIST |
| http://packetstormsecurity.com/files/108462/mambo… | x_refsource_MISC |
| http://www.vapid.dhs.org/advisories/mambo_cms_4.6… | x_refsource_MISC |
Date Public
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2564",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2563 (GCVE-0-2013-2563)
Vulnerability from nvd – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q1/689 | mailing-listx_refsource_MLIST |
| http://packetstormsecurity.com/files/108462/mambo… | x_refsource_MISC |
| http://www.vapid.dhs.org/advisories/mambo_cms_4.6… | x_refsource_MISC |
Date Public
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2563",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2562 (GCVE-0-2013-2562)
Vulnerability from nvd – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q1/689 | mailing-listx_refsource_MLIST |
| http://packetstormsecurity.com/files/108462/mambo… | x_refsource_MISC |
| http://www.vapid.dhs.org/advisories/mambo_cms_4.6… | x_refsource_MISC |
Date Public
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2562",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-2499 (GCVE-0-2011-2499)
Vulnerability from cvelistv5 – Published: 2020-02-12 19:09 – Updated: 2024-08-06 23:00
VLAI
Summary
Mambo CMS through 4.6.5 has multiple XSS.
Severity
No CVSS data available.
CWE
- XSS
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.openwall.com/lists/oss-security/2011/… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:00:33.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CMS",
"vendor": "Mambo",
"versions": [
{
"status": "affected",
"version": "through 4.6.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS through 4.6.5 has multiple XSS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XSS",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T19:09:15.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-2499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CMS",
"version": {
"version_data": [
{
"version_value": "through 4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS through 4.6.5 has multiple XSS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20110628 Re: CVE Request: Mambo CMS 4.6.x | Multiple Cross Site Scripting Vulnerabilities",
"refsource": "MLIST",
"url": "https://www.openwall.com/lists/oss-security/2011/06/28/15"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-2499",
"datePublished": "2020-02-12T19:09:15.000Z",
"dateReserved": "2011-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:00:33.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2565 (GCVE-0-2013-2565)
Vulnerability from cvelistv5 – Published: 2019-02-15 21:00 – Updated: 2024-08-06 15:44
VLAI
Summary
A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver.
Severity
No CVSS data available.
CWE
- Mambo CMS vulnerabilities
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://sourceforge.net/projects/mambo/ | x_refsource_MISC |
| http://www.vapidlabs.com/advisory.php?v=75 | x_refsource_MISC |
Impacted products
Date Public
2019-02-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.128Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mambo CMS",
"vendor": "Mambo",
"versions": [
{
"lessThanOrEqual": "4.6.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"dateAssigned": "2012-01-02T00:00:00.000Z",
"datePublic": "2019-02-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mambo CMS vulnerabilities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-15T20:57:01.000Z",
"orgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"shortName": "larry_cashdollar"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sourceforge.net/projects/mambo/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2012-01-02",
"ID": "CVE-2013-2565",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-11T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mambo CMS",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.6.5"
}
]
}
}
]
},
"vendor_name": "Mambo"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Mambo CMS vulnerabilities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/mambo/",
"refsource": "MISC",
"url": "http://sourceforge.net/projects/mambo/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=75",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=75"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "461b2335-328f-427d-ae3d-eff7d6814455",
"assignerShortName": "larry_cashdollar",
"cveId": "CVE-2013-2565",
"datePublished": "2019-02-15T21:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2562 (GCVE-0-2013-2562)
Vulnerability from cvelistv5 – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q1/689 | mailing-listx_refsource_MLIST |
| http://packetstormsecurity.com/files/108462/mambo… | x_refsource_MISC |
| http://www.vapid.dhs.org/advisories/mambo_cms_4.6… | x_refsource_MISC |
Date Public
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2562",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2564 (GCVE-0-2013-2564)
Vulnerability from cvelistv5 – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q1/689 | mailing-listx_refsource_MLIST |
| http://packetstormsecurity.com/files/108462/mambo… | x_refsource_MISC |
| http://www.vapid.dhs.org/advisories/mambo_cms_4.6… | x_refsource_MISC |
Date Public
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2564",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2563 (GCVE-0-2013-2563)
Vulnerability from cvelistv5 – Published: 2014-06-09 19:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/oss-sec/2013/q1/689 | mailing-listx_refsource_MLIST |
| http://packetstormsecurity.com/files/108462/mambo… | x_refsource_MISC |
| http://www.vapid.dhs.org/advisories/mambo_cms_4.6… | x_refsource_MISC |
Date Public
2012-06-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-06-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-06-09T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20130319 Fwd: CVE requests",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q1/689"
},
{
"name": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt"
},
{
"name": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2563",
"datePublished": "2014-06-09T19:00:00.000Z",
"dateReserved": "2013-03-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}