CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2008-3320 – Maian Guestbook 3.2 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3320
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. admin/index.php de Maian Guestbook 3.2 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie gbook_cookie de su elección. • https://www.exploit-db.com/exploits/6061 http://secunia.com/advisories/31070 http://www.maianscriptworld.co.uk/free-php-scripts/maian-guestbook/development/index.html http://www.securityfocus.com/bid/30203 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 2CVE-2008-3317 – Maian Search 1.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3317
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. admin/index.php en Maian Search 1.1 y versiones anteriores, permite a atacantes remotos evitar la autenticación y conseguir acceso administrativo mediante en envío de una cookie search_cookie arbitraria. • https://www.exploit-db.com/exploits/6066 http://secunia.com/advisories/31075 http://securityreason.com/securityalert/4042 http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30211 https://exchange.xforce.ibmcloud.com/vulnerabilities/43753 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 2CVE-2008-3322 – Maian Recipe 1.2 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3322
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. admin/index.php en Maian Recipe 1.2 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie recipe_cookie de su elección. • https://www.exploit-db.com/exploits/6063 http://secunia.com/advisories/31071 http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30208 https://exchange.xforce.ibmcloud.com/vulnerabilities/43750 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 2CVE-2008-3319 – Maian Links 3.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3319
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. admin/index.php de Maian Links 3.1 y anteriores, permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie links_cookie de su elección. • https://www.exploit-db.com/exploits/6062 http://secunia.com/advisories/31068 http://www.maianscriptworld.co.uk/free-php-scripts/maian-links/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30205 https://exchange.xforce.ibmcloud.com/vulnerabilities/43749 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2007-2077
https://notcve.org/view.php?id=CVE-2007-2077
PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." Vulnerabilidad de inclusión remota de archivo en PHP en search.php de Maian Search 1.1 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro path_to_folder. NOTA: este asunto ha sido impugnado por un investigador de una tercera parte, pero confirmado por el vendedor, estableciendo que "este asunto fue solucionado el año pasado y ya [no] constituye un problema". • http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html http://attrition.org/pipermail/vim/2007-April/001524.html http://www.osvdb.org/34150 http://www.securityfocus.com/archive/1/465731/100/0/threaded http://www.securityfocus.com/archive/1/465857/100/0/threaded •