CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 2CVE-2008-7086 – Maian Greetings 2.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-7086
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. Maian Greetings v2,1 permite a atacantes remotos evitar la autenticación y obtener privilegios administrativos estableciendo la cookie mecard_admin_cookie a admin. • https://www.exploit-db.com/exploits/6050 http://www.securityfocus.com/bid/30199 https://exchange.xforce.ibmcloud.com/vulnerabilities/43744 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2208
https://notcve.org/view.php?id=CVE-2008-2208
SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. Vulnerabilidad de inyección SQL en index.php de Maian Greeting 2.1; permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro keywords en una acción search. • http://secunia.com/advisories/30069 http://securityreason.com/securityalert/3887 http://www.securityfocus.com/archive/1/491582/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42199 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2205
https://notcve.org/view.php?id=CVE-2008-2205
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. Vulnerabilidad de inyección SQL en index.php de Maian Music 1.1, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro album en una acción album. • http://secunia.com/advisories/30066 http://securityreason.com/securityalert/3884 http://www.securityfocus.com/archive/1/491590/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2203
https://notcve.org/view.php?id=CVE-2008-2203
SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. Vulnerabilidad de inyección SQL en search.php de Maian Search 1.1 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro keywords en una acción search. • http://securityreason.com/securityalert/3883 http://www.securityfocus.com/archive/1/491586/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42196 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2200
https://notcve.org/view.php?id=CVE-2008-2200
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Maian Weblog 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) keywords a admin/index.php en una acción blogs search; (2) msg_charset y (3) msg_header9 a admin/inc/header.php; y (4) keywords a index.php en una acción search. • http://secunia.com/advisories/30060 http://securityreason.com/securityalert/3880 http://www.securityfocus.com/archive/1/491588/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42207 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •