[SGVLUG] Mambo

Manuel Fernandes manuelf at mailblocks.com
Tue Jul 5 14:44:42 PDT 2005


FYI: is the http://sgvlug.laurences.net/mambo/ site on 4.5.2.2?


48. Mambo Open Source Multiple Unspecified Injection Vulnerabilities
BugTraq ID: 14117
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14117
Summary:
Mambo is prone to multiple unspecified injection vulnerabilities.  
These issues are most likely due to a failure in the application to 
properly sanitize user-supplied input.

Successful exploitation of these vulnerabilities could lead to 
unauthorized access; other attacks may also be possible.

The vendor has addressed these issues in Mambo version 4.5.2.2 and 
later; earlier versions are reported vulnerable.

49. Mambo Open Source Session ID Spoofing Vulnerability
BugTraq ID: 14119
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14119
Summary:
Mambo is prone to a session ID spoofing vulnerability.  This issue is 
due to a failure in the application to properly sanitize user-supplied 
input.

The vendor has addressed this issue in Mambo 4.5.2.2 and later; earlier 
versions are reported vulnerable.



50. Mambo Open Source MosDBTable Class Unspecified Vulnerability
BugTraq ID: 14120
Remote: Yes
Date Published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14120
Summary:
Mambo is prone to an unspecified vulnerability. Vendor reports indicate 
that the issue exists due to a problem with the bind method in the 
Mambo mosDBTable class.

The potential impact of this issue is currently unknown. This BID will 
be updated when further information is made available.

