
CVE-2021-32172 – Maian-Cart 3.8 - Remote Code Execution (RCE) (Unauthenticated)
https://notcve.org/view.php?id=CVE-2021-32172
07 Oct 2021 — Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. • https://packetstorm.news/files/id/164445 • CWE-862: Missing Authorization

CVE-2014-10004
https://notcve.org/view.php?id=CVE-2014-10004
13 Jan 2015 — SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. • http://osvdb.org/102488 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2014-10005
https://notcve.org/view.php?id=CVE-2014-10005
13 Jan 2015 — Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. • http://packetstormsecurity.com/files/124918 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2014-10007
https://notcve.org/view.php?id=CVE-2014-10007
13 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php. • http://secunia.com/advisories/56797 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-10006
https://notcve.org/view.php?id=CVE-2014-10006
13 Jan 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. • http://packetstormsecurity.com/files/124918 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2008-7086 – Maian Greetings 2.1 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-7086
26 Aug 2009 — Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. • https://www.exploit-db.com/exploits/6050 • CWE-287: Improper Authentication

CVE-2008-2208
https://notcve.org/view.php?id=CVE-2008-2208
14 May 2008 — SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. • http://secunia.com/advisories/30069 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2008-2213
https://notcve.org/view.php?id=CVE-2008-2213
14 May 2008 — Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. • http://secunia.com/advisories/30065 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-2204
https://notcve.org/view.php?id=CVE-2008-2204
14 May 2008 — Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9) header9 parameters. • http://securityreason.com/securityalert/3883 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-2205
https://notcve.org/view.php?id=CVE-2008-2205
14 May 2008 — SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. • http://secunia.com/advisories/30066 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')