RSS   Vulnerabilities for 'Maian uploader'   RSS

2015-01-13
 
CVE-2014-10006

CWE-352
 
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scripting (XSS) attacks via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.

 
 
CVE-2014-10005

CWE-200
 
 
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message.

 
 
CVE-2014-10004

 
 
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

 
 
CVE-2014-10003

 
 
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.php or (2) uploader/js/load_flv.js.php.

 
2008-05-14
 
CVE-2008-2202

CWE-79
 
 
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter to upload/admin/index.php in a search action, the (2) msg_charset and (3) msg_header9 parameters to admin/inc/header.php, and the (4) keywords parameter to index.php in a search action.

 

 >>> Vendor: Maianscriptworld 13 Products
Maian weblog
Maian recipe
Maian cart
Maian uploader
Maian search
Maian music
Maian gallery
Maian greeting
Maian support
Maian guestbook
Maian links
Maian greetings
Maianaffiliate

Copyright 2024, cxsecurity.com

 

Back to Top