FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID Description

VuXML ID	Description
f70d09cb-0c46-11db-aac7-000c6ec775d9	mambo -- SQL injection vulnerabilities The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exists due to missing sanitation of the `title` and `catid` parameters in the `weblinks.php` page and can lead to execution of arbitrary SQL code. Discovery 2006-06-19 Entry 2006-07-05 Modified 2006-10-05 mambo < 4.5.4 16775 CVE-2006-0871 CVE-2006-1794 CVE-2006-3262 CVE-2006-3263 http://marc.theaimsgroup.com/?l=bugtraq&m=115056811230529 http://secunia.com/advisories/18935/ http://secunia.com/advisories/20745/ http://www.mamboserver.com/?option=com_content&task=view&id=207 http://www.gulftech.org/?node=research&article_id=00104-02242006
8a5770b4-54b5-11db-a5ae-00508d6a62df	mambo -- multiple SQL injection vulnerabilities James Bercegay reports: Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function. Omid reports: There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions): When a user edits a content, the "id" parameter is not checked properly in /components/com_content/content.php, which can cause 2 sql injections. The "limit" parameter in the administration section is not checked. This affects many pages of administration section In the administration section, while editing/creating a user, the "gid" parameter is not checked properly. Discovery 2006-08-26 Entry 2006-10-05 Modified 2011-06-27 mambo < 4.6.5 19719 19734 http://www.gulftech.org/?node=research&article_id=00116-10042006 http://seclists.org/bugtraq/2006/Aug/0491.html http://www.frsirt.com/english/advisories/2006/3918 http://mamboxchange.com/forum/forum.php?forum_id=7704 http://secunia.com/advisories/21644/ http://secunia.com/advisories/22221/

f70d09cb-0c46-11db-aac7-000c6ec775d9

mambo -- SQL injection vulnerabilities

The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exists due to missing sanitation of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code.

Discovery 2006-06-19
Entry 2006-07-05
Modified 2006-10-05
mambo

< 4.5.4

16775
CVE-2006-0871
CVE-2006-1794
CVE-2006-3262
CVE-2006-3263
http://marc.theaimsgroup.com/?l=bugtraq&m=115056811230529
http://secunia.com/advisories/18935/
http://secunia.com/advisories/20745/
http://www.mamboserver.com/?option=com_content&task=view&id=207
http://www.gulftech.org/?node=research&article_id=00104-02242006

8a5770b4-54b5-11db-a5ae-00508d6a62df

mambo -- multiple SQL injection vulnerabilities

James Bercegay reports:

Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function.

Omid reports:

There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions):

When a user edits a content, the "id" parameter is not checked properly in /components/com_content/content.php, which can cause 2 sql injections.

The "limit" parameter in the administration section is not checked. This affects many pages of administration section

In the administration section, while editing/creating a user, the "gid" parameter is not checked properly.

Discovery 2006-08-26
Entry 2006-10-05
Modified 2011-06-27
mambo

< 4.6.5

19719
19734
http://www.gulftech.org/?node=research&article_id=00116-10042006
http://seclists.org/bugtraq/2006/Aug/0491.html
http://www.frsirt.com/english/advisories/2006/3918
http://mamboxchange.com/forum/forum.php?forum_id=7704
http://secunia.com/advisories/21644/
http://secunia.com/advisories/22221/