NotCVE - vendor:"Maian Script World"

4 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2014-10003

https://notcve.org/view.php?id=CVE-2014-10003

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Múltiples vulnerabilidades de XSS en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro width en (1) uploader/admin/js/load_flv.js.php o (2) uploader/js/load_flv.js.php. • http://osvdb.org/102489 http://packetstormsecurity.com/files/124918 https://exchange.xforce.ibmcloud.com/vulnerabilities/90716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 2

CVE-2008-3321 – Maian Uploader 4.0 - Insecure Cookie Handling

https://notcve.org/view.php?id=CVE-2008-3321

admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. admin/index.php en Maian Uploader 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtener acceso administrativo enviando una cookie arbitraria uploader_cookie. • https://www.exploit-db.com/exploits/6065 http://secunia.com/advisories/31045 http://www.maianscriptworld.co.uk/free-php-scripts/maian-uploader/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30210 https://exchange.xforce.ibmcloud.com/vulnerabilities/43752 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 2

CVE-2008-3317 – Maian Search 1.1 - Insecure Cookie Handling

https://notcve.org/view.php?id=CVE-2008-3317

admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. admin/index.php en Maian Search 1.1 y versiones anteriores, permite a atacantes remotos evitar la autenticación y conseguir acceso administrativo mediante en envío de una cookie search_cookie arbitraria. • https://www.exploit-db.com/exploits/6066 http://secunia.com/advisories/31075 http://securityreason.com/securityalert/4042 http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30211 https://exchange.xforce.ibmcloud.com/vulnerabilities/43753 • CWE-287: Improper Authentication •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2

CVE-2006-1334 – Maian Weblog 2.0 - 'mail.php' SQL Injection

https://notcve.org/view.php?id=CVE-2006-1334

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php. • https://www.exploit-db.com/exploits/27478 https://www.exploit-db.com/exploits/27477 http://evuln.com/vulns/101/summary.html http://secunia.com/advisories/19273 http://securityreason.com/securityalert/638 http://securitytracker.com/id?1015818 http://www.osvdb.org/23945 http://www.osvdb.org/23946 http://www.securityfocus.com/archive/1/428903/100/0/threaded http://www.securityfocus.com/bid/17159 http://www.securityfocus.com/bid/17247 http://www.vupen.com/english •