CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-10006
https://notcve.org/view.php?id=CVE-2014-10006
13 Jan 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Múltiples vulnerabilidades de CSRF en Maian Uploader 4.0 permiten a atacantes remotos secuestrar la autenticación de usuarios no especifcados para solicitudes que realizan ataques de XSS a través ... • http://packetstormsecurity.com/files/124918 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2014-10003
https://notcve.org/view.php?id=CVE-2014-10003
13 Jan 2015 — Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. Múltiples vulnerabilidades de XSS en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro width en (1) uploader/admin/js/load_flv.js.php o (2) uploader/js/load_flv.js.php. • http://osvdb.org/102489 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2014-10004
https://notcve.org/view.php?id=CVE-2014-10004
13 Jan 2015 — SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en admin/data_files/move.php en Maian Uploader 4.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a través del parámetro id. • http://osvdb.org/102488 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-10005
https://notcve.org/view.php?id=CVE-2014-10005
13 Jan 2015 — Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. Maian Uploader 4.0 permite a atacantes remotos obtener información sensible a través de una solicitud sin el parámetro height en load_flv.js.php, lo que revela la ruta de instalación en un mensaje de error. • http://packetstormsecurity.com/files/124918 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2CVE-2008-3321 – Maian Uploader 4.0 - Insecure Cookie Handling
https://notcve.org/view.php?id=CVE-2008-3321
25 Jul 2008 — admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. admin/index.php en Maian Uploader 4.0 y versiones anteriores permite a atacantes remotos evitar la autenticación y obtener acceso administrativo enviando una cookie arbitraria uploader_cookie. • https://www.exploit-db.com/exploits/6065 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 4CVE-2008-2202 – Maian Uploader 4.0 - 'header.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-2202
14 May 2008 — Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action. Múltiples vulnerabilidades de Secuencias de comandos en sitios cruzados (XSS) en Maian Uploader 4.0 permiten a atacantes remotos inyectar secuencias de comando... • https://www.exploit-db.com/exploits/31743 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •