16 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2014-10003

https://notcve.org/view.php?id=CVE-2014-10003

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Múltiples vulnerabilidades de XSS en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro width en (1) uploader/admin/js/load_flv.js.php o (2) uploader/js/load_flv.js.php. • http://osvdb.org/102489 http://packetstormsecurity.com/files/124918 https://exchange.xforce.ibmcloud.com/vulnerabilities/90716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0

CVE-2012-2405

https://notcve.org/view.php?id=CVE-2012-2405

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, no implementa el cifrado de forma adecuada, lo que provoca un impacto y vectores de ataque no especificados. Una vulnerabilidad diferente de CVE-2012-1113. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 https://bugzilla.redhat.com/show_bug.cgi?id=812045 https://exchange.xforce.ibmcloud.com/vulnerabilities/75201 • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2012-1113

https://notcve.org/view.php?id=CVE-2012-1113

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, permite a atacantes remotos inyectar secuencias de comandos web o código HTML de su elección a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078618.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078752.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078816.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078851.html http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078873.html http://lists.fedoraproject.org/pipermail/package • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 1

CVE-2008-3318 – Maian Weblog 4.0 - Insecure Cookie Handling

https://notcve.org/view.php?id=CVE-2008-3318

admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. admin/index.php en Maian Weblog 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtención de acceso administrativo, enviando una cookie arbitraria weblog_cookie. • https://www.exploit-db.com/exploits/6064 http://secunia.com/advisories/30943 http://www.maianscriptworld.co.uk/free-php-scripts/maian-weblog/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30209 https://exchange.xforce.ibmcloud.com/vulnerabilities/43751 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 2

CVE-2008-3321 – Maian Uploader 4.0 - Insecure Cookie Handling

https://notcve.org/view.php?id=CVE-2008-3321

admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. admin/index.php en Maian Uploader 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtener acceso administrativo enviando una cookie arbitraria uploader_cookie. • https://www.exploit-db.com/exploits/6065 http://secunia.com/advisories/31045 http://www.maianscriptworld.co.uk/free-php-scripts/maian-uploader/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30210 https://exchange.xforce.ibmcloud.com/vulnerabilities/43752 • CWE-287: Improper Authentication •