[SGVLUG] Mambo
Manuel Fernandes
manuelf at mailblocks.com
Tue Jul 5 14:44:42 PDT 2005

FYI: is the http://sgvlug.laurences.net/mambo/ site on 4.5.2.2?

48. Mambo Open Source Multiple Unspecified Injection Vulnerabilities
BugTraq ID: 14117
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14117
Summary:
Mambo is prone to multiple unspecified injection vulnerabilities.
These issues are most likely due to a failure in the application to
properly sanitize user-supplied input.

Successful exploitation of these vulnerabilities could lead to
unauthorized access; other attacks may also be possible.

The vendor has addressed these issues in Mambo version 4.5.2.2 and
later; earlier versions are reported vulnerable.

49. Mambo Open Source Session ID Spoofing Vulnerability
BugTraq ID: 14119
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14119
Summary:
Mambo is prone to a session ID spoofing vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied
input.

The vendor has addressed this issue in Mambo 4.5.2.2 and later; earlier
versions are reported vulnerable.

50. Mambo Open Source MosDBTable Class Unspecified Vulnerability
BugTraq ID: 14120
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14120
Summary:
Mambo is prone to an unspecified vulnerability. Vendor reports indicate
that the issue exists due to a problem with the bind method in the
Mambo mosDBTable class.

The potential impact of this issue is currently unknown. This BID will
be updated when further information is made available.