Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
1. OVERVIEW
Mambo CMS 4.6.5 and lower versions are vulnerable to Cross Site Scripting.
2. BACKGROUND
Mambo is a full-featured, award-winning content management system that
can be used for everything from simple websites
On 27/06/2011 09:15, YGN Ethical Hacker Group wrote:
Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
I thought these were found in Joomla ages ago?
Did you really test a code base that is a version of an old Joomla base
or did you look at the code, and test old Joomla
CVE-2011-2204 Apache Tomcat information disclosure
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.16
- Tomcat 6.0.0 to 6.0.32
- Tomcat 5.5.0 to 5.5.33
Earlier, unsupported versions may also be affected
Description:
When using the MemoryUserDatabase
ZDI-11-226: Citrix EdgeSight Launcher Service Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-226
June 27, 2011
-- CVSS:
10, (AV:N/AC:L/Au:N/C:C/I:C/A:C)
-- Affected Vendors:
Citrix
-- Affected Products:
Citrix EdgeSight
-- TippingPoint(TM) IPS
ZDI-11-227: Novell File Reporter Engine RECORD Tag Parsing Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-227
June 27, 2011
-- CVE ID:
CVE-2011-2220
-- CVSS:
9.7, (AV:N/AC:L/Au:N/C:C/I:C/A:P)
-- Affected Vendors:
Novell
-- Affected Products:
Novell
Step 1: Have USD available for spending on mtgox.com.
Step 2: Put in a buy order large enough to drain your account. Low enough under
the current trading price that it will not execute immediately.
Step 3: Withdraw all USD funds.
Step 4: Wait for market to fall enough to meet your order.
Step 5:
Did you really test a code base that is a version of an old Joomla base
No
or did you look at the code, and test old Joomla bugs against it?
No
The XSS results are from purely blackbox scan on Mambo 4.6.5.
Joomla (Joomla! 1.0.0) was released on September 16, 2005. It was a
re-branded