Vendor CVEs
Maianscriptworld
All CVEs
35 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-7086 | 0.04 | — | 0.07 | Aug 26, 2009 | Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin. | |||
| CVE-2008-3322 | 0.04 | — | 0.07 | Jul 25, 2008 | admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie. | |||
| CVE-2008-3317 | 0.04 | — | 0.08 | Jul 25, 2008 | admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie. | |||
| CVE-2008-3319 | 0.04 | — | 0.08 | Jul 25, 2008 | admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. | |||
| CVE-2008-3320 | 0.04 | — | 0.07 | Jul 25, 2008 | admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie. | |||
| CVE-2008-3318 | 0.04 | — | 0.08 | Jul 25, 2008 | admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie. | |||
| CVE-2008-3321 | 0.04 | — | 0.08 | Jul 25, 2008 | admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie. | |||
| CVE-2008-2202 | 0.03 | — | 0.02 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to… | |||
| CVE-2006-1334 | 0.03 | — | 0.02 | Mar 21, 2006 | Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php. | |||
| CVE-2014-10007 | 0.00 | — | 0.01 | Jan 13, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php. | |||
| CVE-2014-10006 | 0.00 | — | 0.01 | Jan 13, 2015 | Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php… | |||
| CVE-2014-10005 | 0.00 | — | 0.02 | Jan 13, 2015 | Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message. | |||
| CVE-2014-10004 | 0.00 | — | 0.02 | Jan 13, 2015 | SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2014-10003 | 0.00 | — | 0.02 | Jan 13, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php. | |||
| CVE-2012-2405 | 0.00 | — | 0.01 | Apr 22, 2012 | Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113. | |||
| CVE-2012-1113 | 0.00 | — | 0.02 | Apr 22, 2012 | Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-2200 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to… | |||
| CVE-2008-2208 | 0.00 | — | 0.01 | May 14, 2008 | SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | |||
| CVE-2008-2211 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. | |||
| CVE-2008-2205 | 0.00 | — | 0.01 | May 14, 2008 | SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action. | |||
| CVE-2008-2206 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php. | |||
| CVE-2008-2213 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters. | |||
| CVE-2008-2203 | 0.00 | — | 0.01 | May 14, 2008 | SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action. | |||
| CVE-2008-2209 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters. | |||
| CVE-2008-2204 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9)… | |||
| CVE-2008-2207 | 0.00 | — | 0.01 | May 14, 2008 | Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action. | |||
| CVE-2008-2212 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to… | |||
| CVE-2008-2201 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9)… | |||
| CVE-2008-2210 | 0.00 | — | 0.01 | May 14, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to… | |||
| CVE-2008-1075 | 0.00 | — | 0.01 | Feb 29, 2008 | Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third… | |||
| CVE-2007-2078 | 0.00 | — | 0.02 | Apr 18, 2007 | PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized… | |||
| CVE-2007-2077 | 0.00 | — | 0.02 | Apr 18, 2007 | PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue… | |||
| CVE-2007-2076 | 0.00 | — | 0.02 | Apr 18, 2007 | PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this… | |||
| CVE-2006-1341 | 0.00 | — | 0.01 | Mar 21, 2006 | SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters. | |||
| CVE-2006-1259 | 0.00 | — | 0.02 | Mar 19, 2006 | Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php. |
- CVE-2008-7086Aug 26, 2009risk 0.04cvss —epss 0.07
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
- CVE-2008-3322Jul 25, 2008risk 0.04cvss —epss 0.07
admin/index.php in Maian Recipe 1.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary recipe_cookie cookie.
- CVE-2008-3317Jul 25, 2008risk 0.04cvss —epss 0.08
admin/index.php in Maian Search 1.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary search_cookie cookie.
- CVE-2008-3319Jul 25, 2008risk 0.04cvss —epss 0.08
admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie.
- CVE-2008-3320Jul 25, 2008risk 0.04cvss —epss 0.07
admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
- CVE-2008-3318Jul 25, 2008risk 0.04cvss —epss 0.08
admin/index.php in Maian Weblog 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary weblog_cookie cookie.
- CVE-2008-3321Jul 25, 2008risk 0.04cvss —epss 0.08
admin/index.php in Maian Uploader 4.0 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary uploader_cookie cookie.
- CVE-2008-2202May 14, 2008risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to…
- CVE-2006-1334Mar 21, 2006risk 0.03cvss —epss 0.02
Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.
- CVE-2014-10007Jan 13, 2015risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter in a contact action to index.php.
- CVE-2014-10006Jan 13, 2015risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php…
- CVE-2014-10005Jan 13, 2015risk 0.00cvss —epss 0.02
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message.
- CVE-2014-10004Jan 13, 2015risk 0.00cvss —epss 0.02
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2014-10003Jan 13, 2015risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.
- CVE-2012-2405Apr 22, 2012risk 0.00cvss —epss 0.01
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
- CVE-2012-1113Apr 22, 2012risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-2200May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to admin/index.php in a blogs search action, the (2) msg_charset and (3) msg_header9 parameters to…
- CVE-2008-2208May 14, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in Maian Greeting 2.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
- CVE-2008-2211May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Guestbook 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
- CVE-2008-2205May 14, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in Maian Music 1.1 allows remote attackers to execute arbitrary SQL commands via the album parameter in an album action.
- CVE-2008-2206May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter in a search action to index.php, and the (2) msg_script parameter to admin/inc/footer.php.
- CVE-2008-2213May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/footer.php in Maian Links 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script2 and (2) msg_script3 parameters.
- CVE-2008-2203May 14, 2008risk 0.00cvss —epss 0.01
SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.
- CVE-2008-2209May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters.
- CVE-2008-2204May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Search 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9)…
- CVE-2008-2207May 14, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in admin/index.php in Maian Gallery 2.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.
- CVE-2008-2212May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_adminheader, (2) msg_adminheader2, (3) msg_adminheader3, (4) msg_adminheader4, and unspecified other parameters to…
- CVE-2008-2201May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Recipe 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) header, (2) header2, (3) header3, (4) header4, (5) header5, (6) header6, (7) header7, (8) header8, and (9)…
- CVE-2008-2210May 14, 2008risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Maian Support 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script, (2) msg_script2, and (3) msg_script3 parameters to admin/inc/footer.php; and the (4) msg_script2 parameter to…
- CVE-2008-1075Feb 29, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Maian Cart 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search command. NOTE: the provenance of this information is unknown; the details are obtained solely from third…
- CVE-2007-2078Apr 18, 2007risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized…
- CVE-2007-2077Apr 18, 2007risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this issue…
- CVE-2007-2076Apr 18, 2007risk 0.00cvss —epss 0.02
PHP remote file inclusion vulnerability in index.php in Maian Gallery 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, but confirmed by the vendor, stating "this…
- CVE-2006-1341Mar 21, 2006risk 0.00cvss —epss 0.01
SQL injection vulnerability in events.php in Maian Events 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
- CVE-2006-1259Mar 19, 2006risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php.