CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 2CVE-2008-3317 – Maian Search 1.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3317
25 Jul 2008 — admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. admin/index.php en Maian Search 1.1 y versiones anteriores, permite a atacantes remotos evitar la autenticación y conseguir acceso administrativo mediante en envío de una cookie search_cookie arbitraria. • https://www.exploit-db.com/exploits/6066 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2204
https://notcve.org/view.php?id=CVE-2008-2204
14 May 2008 — Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admin/inc/header.php de Maian Search 1.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante los parámetro... • http://securityreason.com/securityalert/3883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2203
https://notcve.org/view.php?id=CVE-2008-2203
14 May 2008 — SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. Vulnerabilidad de inyección SQL en search.php de Maian Search 1.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro keywords en una acción search. • http://securityreason.com/securityalert/3883 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •