CVE-2014-10003
https://notcve.org/view.php?id=CVE-2014-10003
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Múltiples vulnerabilidades de XSS en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro width en (1) uploader/admin/js/load_flv.js.php o (2) uploader/js/load_flv.js.php. • http://osvdb.org/102489 http://packetstormsecurity.com/files/124918 https://exchange.xforce.ibmcloud.com/vulnerabilities/90716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-1113
https://notcve.org/view.php?id=CVE-2012-1113
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, permite a atacantes remotos inyectar secuencias de comandos web o código HTML de su elección a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078618.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078752.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078816.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078851.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078873.html http://lists.fedoraproject.org/pipermail/package • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-2405
https://notcve.org/view.php?id=CVE-2012-2405
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, no implementa el cifrado de forma adecuada, lo que provoca un impacto y vectores de ataque no especificados. Una vulnerabilidad diferente de CVE-2012-1113. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 https://bugzilla.redhat.com/show_bug.cgi?id=812045 https://exchange.xforce.ibmcloud.com/vulnerabilities/75201 • CWE-310: Cryptographic Issues •
CVE-2008-3320 – Maian Guestbook 3.2 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3320
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. admin/index.php de Maian Guestbook 3.2 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie gbook_cookie de su elección. • https://www.exploit-db.com/exploits/6061 http://secunia.com/advisories/31070 http://www.maianscriptworld.co.uk/free-php-scripts/maian-guestbook/development/index.html http://www.securityfocus.com/bid/30203 • CWE-287: Improper Authentication •
CVE-2008-3319 – Maian Links 3.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3319
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. admin/index.php de Maian Links 3.1 y anteriores, permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie links_cookie de su elección. • https://www.exploit-db.com/exploits/6062 http://secunia.com/advisories/31068 http://www.maianscriptworld.co.uk/free-php-scripts/maian-links/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30205 https://exchange.xforce.ibmcloud.com/vulnerabilities/43749 • CWE-287: Improper Authentication •