4 results (0.006 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Múltiples vulnerabilidades de CSRF en Maian Uploader 4.0 permiten a atacantes remotos secuestrar la autenticación de usuarios no especifcados para solicitudes que realizan ataques de XSS a través del parámetro width en (1) uploader/admin/js/load_flv.js.php o (2) uploader/js/load_flv.js.php. • http://packetstormsecurity.com/files/124918 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en admin/data_files/move.php en Maian Uploader 4.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id. • http://osvdb.org/102488 http://packetstormsecurity.com/files/124918 https://exchange.xforce.ibmcloud.com/vulnerabilities/90715 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. Maian Uploader 4.0 permite a atacantes remotos obtener información sensible a través de una solicitud sin el parámetro height en load_flv.js.php, lo que revela la ruta de instalación en un mensaje de error. • http://packetstormsecurity.com/files/124918 http://www.osvdb.org/102487 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrariamente mediante el parámetro (1) keywords de upload/admin/index.php en una acción search, los parámetros (2) msg_charset y (3) msg_header9 de admin/inc/header.php, y el parámetro (4) keywords de index.php en una acción search. • https://www.exploit-db.com/exploits/31743 https://www.exploit-db.com/exploits/31741 https://www.exploit-db.com/exploits/31742 http://secunia.com/advisories/30096 http://securityreason.com/securityalert/3882 http://www.securityfocus.com/archive/1/491599/100/0/threaded http://www.securityfocus.com/bid/29051 https://exchange.xforce.ibmcloud.com/vulnerabilities/42203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •