Mambo
Archived Posts from this Category
TITLE:
Mambo Search Denial of Service
SECUNIA ADVISORY ID:
SA28392
VERIFY ADVISORY:
http://secunia.com/advisories/28392/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Mambo 4.x
http://secunia.com/product/872/
DESCRIPTION:
A vulnerability has been reported in Mambo, which can be exploited by
malicious people to cause a DoS (Denial of Service).
The vulnerability is caused by an unspecified error in the search
component and module, which can be exploited to consume large amounts
of system resources. No further information is currently available.
The vulnerability is reported in all 4.5.x and 4.6.x versions.
SOLUTION:
Mambo 4.6.x:
http://mambo-code.org/gf/download/frsrelease/298/538/20080110-Mambo46x-SearchPatch.zip
Mambo 4.5.5:
http://mambo-code.org/gf/download/frsrelease/298/542/20080110-Mambo45x-SearchPatch.zip
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://forum.mambo-foundation.org/showthread.php?t=9651
Saturday 12 Jan 2008 | Guardian | Mambo
TITLE:
Mambo Unspecified Bypass Vulnerabilities
SECUNIA ADVISORY ID:
SA25039
VERIFY ADVISORY:
http://secunia.com/advisories/25039/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Mambo 4.x
http://secunia.com/product/872/
DESCRIPTION:
Some vulnerabilities have been reported in Mambo, which can be exploited
by malicious people to bypass certain security restrictions.
1) A vulnerability is caused by insufficient privilege checks in
includes/pdf.php. No further information is currently available.
2) A vulnerability is caused by insufficient privilege checks in
MOStlyDB Admin. Successful exploitation requires valid administrator
credentials. No further information is currently available.
The vulnerabilities are reported in version 4.6.1. Prior versions may
also be affected.
SOLUTION:
Update to version 4.6.2.
PROVIDED AND/OR DISCOVERED BY:
1) Robert Atkinson
2) Reported by the vendor.
ORIGINAL ADVISORY:
1) http://www.tracker.mambo-foundation.org/?do=details&task_id=170
Thursday 03 May 2007 | Guardian | Mambo