
CVSS: 7.5 | EPSS: 7% | CPEs: 2 | EXPL: 1

admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.

• https://www.exploit-db.com/exploits/6064
• http://secunia.com/advisories/30943
• http://www.maianscriptworld.co.uk/free-php-scripts/maian-weblog/development/index.html
• http://www.maianscriptworld.co.uk/news.html
• http://www.securityfocus.com/bid/30209
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43751
• CWE-287: Improper Authentication

CVSS: 6.8 | EPSS: 3% | CPEs: 1 | EXPL: 1

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use.

• http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html
• http://attrition.org/pipermail/vim/2007-April/001527.html
• http://osvdb.org/35360
• http://securityreason.com/securityalert/2582
• http://www.securityfocus.com/archive/1/465735/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33708

CVSS: 6.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.

• https://www.exploit-db.com/exploits/27478
• https://www.exploit-db.com/exploits/27477
• http://evuln.com/vulns/101/summary.html
• http://secunia.com/advisories/19273
• http://securityreason.com/securityalert/638
• http://securitytracker.com/id?1015818
• http://www.osvdb.org/23945
• http://www.osvdb.org/23946
• http://www.securityfocus.com/archive/1/428903/100/0/threaded
• http://www.securityfocus.com/bid/17159
• http://www.securityfocus.com/bid/17247
• http://www.vupen.com/english