4 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Múltiples vulnerabilidades de XSS en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro width en (1) uploader/admin/js/load_flv.js.php o (2) uploader/js/load_flv.js.php. • http://osvdb.org/102489 http://packetstormsecurity.com/files/124918 https://exchange.xforce.ibmcloud.com/vulnerabilities/90716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 6%CPEs: 1EXPL: 2

admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. admin/index.php en Maian Uploader 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtener acceso administrativo enviando una cookie arbitraria uploader_cookie. • https://www.exploit-db.com/exploits/6065 http://secunia.com/advisories/31045 http://www.maianscriptworld.co.uk/free-php-scripts/maian-uploader/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30210 https://exchange.xforce.ibmcloud.com/vulnerabilities/43752 • CWE-287: Improper Authentication •

CVSS: 7.5EPSS: 8%CPEs: 2EXPL: 2

admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. admin/index.php en Maian Search 1.1 y versiones anteriores, permite a atacantes remotos evitar la autenticación y conseguir acceso administrativo mediante en envío de una cookie search_cookie arbitraria. • https://www.exploit-db.com/exploits/6066 http://secunia.com/advisories/31075 http://securityreason.com/securityalert/4042 http://www.maianscriptworld.co.uk/free-php-scripts/maian-search/development/index.html http://www.maianscriptworld.co.uk/news.html http://www.securityfocus.com/bid/30211 https://exchange.xforce.ibmcloud.com/vulnerabilities/43753 • CWE-287: Improper Authentication •

CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php. • https://www.exploit-db.com/exploits/27478 https://www.exploit-db.com/exploits/27477 http://evuln.com/vulns/101/summary.html http://secunia.com/advisories/19273 http://securityreason.com/securityalert/638 http://securitytracker.com/id?1015818 http://www.osvdb.org/23945 http://www.osvdb.org/23946 http://www.securityfocus.com/archive/1/428903/100/0/threaded http://www.securityfocus.com/bid/17159 http://www.securityfocus.com/bid/17247 http://www.vupen.com/english •