MidnightBSD

Advisories for maian

CVE-2006-1259 HIGH

Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
maian support 1.0
CVE-2007-2078 MEDIUM

PHP remote file inclusion vulnerability in index.php in Maian Weblog 3.1 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. NOTE: this issue was disputed by a third party researcher, since the path_to_folder variable is initialized before use

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
maian weblog 3.1
CVE-2012-1113 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
menalto gallery 2.2.6
maian gallery 2.3.1
maian gallery 3.0
maian gallery 3.0.2
maian gallery 3.0.1
maian gallery 2.3
CVE-2012-2405 HIGH

Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-310,

Products Affected

Vendor Product Version
menalto gallery 2.2.6
maian gallery 2.3.1
maian gallery 3.0
maian gallery 3.0.2
maian gallery 3.0.1
maian gallery 2.3