Mambo / Joomla SQL Injection Vulnerability (June 19th, 2006): rgod has discovered a vulnerability in Mambo & Joomla, which can be exploited to conduct SQL injection attacks. Input passed to the "Name" field when submitting a web link isn't properly sanitised before being used in a SQL query.
Mambo CMS Suffers From File Inclusion Vulnerability (June 29th, 2006): Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS. Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php isn't properly verified before it is used to include files.
Xoops CMS SQL Injection Vulnerability Reported (June 29th, 2006): KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "lid" parameter in annonces-p-f.php isn't properly sanitised before being used in a SQL query.
Mambo / Joomla Password - How to Reset / Recover (March 2nd, 2006): Mambo / Joomla passwords cannot be recovered as they are set using a one-way hash function (MD5). However they can be reset to new values.
How To Migrate From Mambo To Joomla Content Management System (July 14th, 2006): Joomla Content Management System was forked off Mambo CMS after most of the core Mambo developers disagreed with Mambo Management. The current stable release is 1.0.10.
CMS Talk: Goodbye Joomla, Hello Modx... (December 9th, 2007): I have been an avid user of Mambo and now Joomla since 2001. taragana.com is designed using Joomla.
Cross-Site Scripting Vulnerability in Apache mod_imap Module (December 16th, 2005): A cross-site scripting (XSS) vulnerability has been discovered in the Apache httpd server's mod_imap module which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Input passed to the image map "Referer" directive in "mod_imap" isn't properly sanitised before being returned to the user.
Microsoft PowerPoint Suffers From Memory Corruption Security Vulnerability (July 18th, 2006): Naveed has discovered a vulnerability in Microsoft PowerPoint, which potentially can be exploited to compromise any user's system. The vulnerability has been confirmed on Windows XP SP2 with a fully patched PowerPoint 2003.
Taragana Corporate Site Re-Design Doubles Site Traffic (June 3rd, 2008): How effective is a site re-design? The final proof is in site traffic. When we started re-designing Taragana.com we had many apprehensions.
Serious Security Vulnerabilities in Outpost Firewall Pro & Lavasoft Personal Firewall (July 18th, 2006): Bipin Gautam has reported a vulnerability in Outpost Firewall Pro, which can be exploited by local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in the Virtual Firewall driver (filtnt.sys) and can be exploited to crash the system by e.g.
BandSite CMS and SmartSite CMS (PHP based) Root File Inclusion Vulnerability Discovered (June 21st, 2006): Archit3ct and IR4DEX GROUP have discovered a vulnerability in SmartSiteCMS, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "root" parameter in include/inc_foot.php is not properly verified before being used to include files.
How To Truly Delete Pages in MODx (December 16th, 2007): MODx is an excellent AJAX enabled content management system, which is leagues ahead of Joomla / Mambo. One of the features of MODx is that pages aren't fully deleted.
Leading Open Source CMS: Mambo versus Drupal - A Comprehensive Comparison (September 13th, 2005): A comprehensive comparison of two leading open source CMS - Mambo versus Drupal
Macromedia Flash Player 7 Remote Code Execution Vulnerability (November 14th, 2005): A vulnerability has been reported in Macromedia Flash Player 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file.
Pligg (Digg Clone) Releases Security Update 9.9.5 (July 31st, 2008): Pligg is a popular Digg clone. This week has been a stressful week for many Pliggers due to a security vulnerability discovered and exploited by a few hackers.