CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2205
https://notcve.org/view.php?id=CVE-2008-2205
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. Vulnerabilidad de inyección SQL en index.php de Maian Music 1.1, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro album en una acción album. • http://secunia.com/advisories/30066 http://securityreason.com/securityalert/3884 http://www.securityfocus.com/archive/1/491590/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42209 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2211
https://notcve.org/view.php?id=CVE-2008-2211
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admin/inc/footer.php de Maian Guestbook 3.2 permite a atacantes remotos inyectar web script o HTML de su elección a través de los parámetros (1) msg_script2 y (2) msg_script3. • http://secunia.com/advisories/30071 http://securityreason.com/securityalert/3890 http://www.securityfocus.com/archive/1/491584/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42198 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 4CVE-2008-2202 – Maian Uploader 4.0 - 'header.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2202
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrariamente mediante el parámetro (1) keywords de upload/admin/index.php en una acción search, los parámetros (2) msg_charset y (3) msg_header9 de admin/inc/header.php, y el parámetro (4) keywords de index.php en una acción search. • https://www.exploit-db.com/exploits/31743 https://www.exploit-db.com/exploits/31741 https://www.exploit-db.com/exploits/31742 http://secunia.com/advisories/30096 http://securityreason.com/securityalert/3882 http://www.securityfocus.com/archive/1/491599/100/0/threaded http://www.securityfocus.com/bid/29051 https://exchange.xforce.ibmcloud.com/vulnerabilities/42203 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2200
https://notcve.org/view.php?id=CVE-2008-2200
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Maian Weblog 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) keywords a admin/index.php en una acción blogs search; (2) msg_charset y (3) msg_header9 a admin/inc/header.php; y (4) keywords a index.php en una acción search. • http://secunia.com/advisories/30060 http://securityreason.com/securityalert/3880 http://www.securityfocus.com/archive/1/491588/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42207 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-2201
https://notcve.org/view.php?id=CVE-2008-2201
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados en admin/inc/header.php en Maian Recipe 1.2 permiten a atacantes remotos inyectar inyectar secuencias de comandos Web o HTML de su elección a través de los parámetros: (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8 y (9) header9. • http://secunia.com/advisories/30067 http://securityreason.com/securityalert/3881 http://www.securityfocus.com/archive/1/491589/100/0/threaded http://www.securityfocus.com/bid/29032 https://exchange.xforce.ibmcloud.com/vulnerabilities/42206 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •