CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 2CVE-2008-3317 – Maian Search 1.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3317
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. admin/index.php en Maian Search 1.1 y versiones anteriores, permite a atacantes remotos evitar la autenticación y conseguir acceso administrativo mediante en envío de una cookie search_cookie arbitraria. • https://www.exploit-db.com/exploits/6066 http://secunia.com/advisories/31075 http://securityreason.com/securityalert/4042 http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30211 https://exchange.xforce.ibmcloud.com/vulnerabilities/43753 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2007-2077
https://notcve.org/view.php?id=CVE-2007-2077
PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue was fixed last year and [no] is longer a problem." Vulnerabilidad de inclusión remota de archivo en PHP en search.php de Maian Search 1.1 permite a atacantes remotos ejecutar código PHP de su elección mediante una URL en el parámetro path_to_folder. NOTA: este asunto ha sido impugnado por un investigador de una tercera parte, pero confirmado por el vendedor, estableciendo que "este asunto fue solucionado el año pasado y ya [no] constituye un problema". • http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html http://attrition.org/pipermail/vim/2007-April/001524.html http://www.osvdb.org/34150 http://www.securityfocus.com/archive/1/465731/100/0/threaded http://www.securityfocus.com/archive/1/465857/100/0/threaded •