CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-10003
https://notcve.org/view.php?id=CVE-2014-10003
13 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Múltiples vulnerabilidades de XSS en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro width en (1) uploader/admin/js/load_flv.js.php o (2) uploader/js/load_flv.js.php. • http://osvdb.org/102489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2012-2405
https://notcve.org/view.php?id=CVE-2012-2405
22 Apr 2012 — Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, no implementa el cifrado de forma adecuada, lo que provoca un impacto y vectores de ataque no especificados. Una vulnerabilidad diferente de CVE-2012-1113. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 • CWE-310: Cryptographic Issues •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2012-1113
https://notcve.org/view.php?id=CVE-2012-1113
22 Apr 2012 — Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Gallery v2 antes de v2.3.2 y v3 antes de v3.0.3, permite a atacantes remotos inyectar secuencias de comandos web o código HTML de su elección a través de vectores no especificados. • http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 7%CPEs: 2EXPL: 2CVE-2008-3317 – Maian Search 1.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3317
25 Jul 2008 — admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. admin/index.php en Maian Search 1.1 y versiones anteriores, permite a atacantes remotos evitar la autenticación y conseguir acceso administrativo mediante en envío de una cookie search_cookie arbitraria. • https://www.exploit-db.com/exploits/6066 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 6%CPEs: 2EXPL: 1CVE-2008-3318 – Maian Weblog 4.0 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3318
25 Jul 2008 — admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. admin/index.php en Maian Weblog 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtención de acceso administrativo, enviando una cookie arbitraria weblog_cookie. • https://www.exploit-db.com/exploits/6064 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2CVE-2008-3319 – Maian Links 3.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3319
25 Jul 2008 — admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. admin/index.php de Maian Links 3.1 y anteriores, permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie links_cookie de su elección. • https://www.exploit-db.com/exploits/6062 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2008-3320 – Maian Guestbook 3.2 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3320
25 Jul 2008 — admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. admin/index.php de Maian Guestbook 3.2 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie gbook_cookie de su elección. • https://www.exploit-db.com/exploits/6061 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2CVE-2008-3321 – Maian Uploader 4.0 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3321
25 Jul 2008 — admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. admin/index.php en Maian Uploader 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtener acceso administrativo enviando una cookie arbitraria uploader_cookie. • https://www.exploit-db.com/exploits/6065 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 2CVE-2008-3322 – Maian Recipe 1.2 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3322
25 Jul 2008 — admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. admin/index.php en Maian Recipe 1.2 y anteriores permite a atacantes remotos evitar la autenticación y obtener acceso como administrador enviando una cookie recipe_cookie de su elección. • https://www.exploit-db.com/exploits/6063 • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2007-2076
https://notcve.org/view.php?id=CVE-2007-2076
18 Apr 2007 — PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this problem existed only briefly in v1.0." Vulnerabilidad de inclusión remota de archivo en PHP en index.php de Maian Gallery 1.0 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro path_to_folder. N... • http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html •