CVE-2008-3318 – Maian Weblog 4.0 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3318
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
• https://www.exploit-db.com/exploits/6064
• http://secunia.com/advisories/30943
• http://www.maianscriptworld.co.uk/free-php-scripts/maian-weblog/development/index.html
• http://www.maianscriptworld.co.uk/news.html
• http://www.securityfocus.com/bid/30209
• https://exchange.xforce.ibmcloud.com/vulnerabilities/43751
• CWE-287: Improper Authentication
CVE-2007-2078
https://notcve.org/view.php?id=CVE-2007-2078
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third-party researcher, since the path_to_folder variable is initialized before use.
• http://archives.neohapsis.com/archives/bugtraq/2007-04/0244.html
• http://attrition.org/pipermail/vim/2007-April/001527.html
• http://osvdb.org/35360
• http://securityreason.com/securityalert/2582
• http://www.securityfocus.com/archive/1/465735/100/0/threaded
• https://exchange.xforce.ibmcloud.com/vulnerabilities/33708