CVE-2006-4964
Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before 20060918 allows remote attackers to inject arbitrary web script or HTML via (1) vectors that bypass the XSS protection mechanisms of the pnVarCleanFromInput function, and (2) unspecified vectors related to the AntiCracker...
CVE-2006-4964
MAXdev MDPro contains a cross-site scripting (XSS) vulnerability in versions prior to 1.0.76, fixed in a release after 20060918. The issue arises from vectors that bypass the pnVarCleanFromInput XSS protections and from unspecified AntiCracker-related vectors. Affected product/component: MAXdev M...
PT-2006-5707 · Maxdev · Maxdev Md-Pro
Name of the Vulnerable Software and Affected Versions: MAXdev MDPro versions prior to 1.0.76 updated before 20060918. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. This is achieved through vectors that bypass the XSS protection...
[SA22050] MAXdev MD-Pro Cross-Site Scripting Vulnerability
TITLE: MAXdev MD-Pro Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA22050 VERIFY ADVISORY: http://secunia.com/advisories/22050/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: MAXdev MD-Pro 1.x http://secunia.com/product/5663/ DESCRIPTION: A...
CVE-2006-1677
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php...
CVE-2006-1676
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro MD-Pro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in...
Design/Logic Flaw
MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to obtain the full path of the server via a direct request to includes/legacy.php...
SQL injection
SQL injection vulnerability in the display function in the Topics module for MAXdev MDPro MD-Pro 1.0.73 and 1.0.72, and possibly other versions before 1.076, allows remote attackers to execute arbitrary SQL commands via the topicid parameter in a display action, which is not properly handled in...
[SA19563] MAXdev MD-Pro ADOdb "server.php" Insecure Test Script Security Issue
TITLE: MAXdev MD-Pro ADOdb "server.php" Insecure Test Script Security Issue SECUNIA ADVISORY ID: SA19563 VERIFY ADVISORY: http://secunia.com/advisories/19563/ CRITICAL: Moderately critical IMPACT: Security Bypass, System access WHERE: From remote SOFTWARE: MAXdev MD-Pro 1.x...
CVE-2006-1676
MAXdev MDPro MD-Pro
CVE-2006-1677
CVE-2006-1677 affects MAXdev MDPro versions prior to 1.076, including 1.0.72/1.0.73. Root cause is an insecure direct access path to includes/legacy.php that allows remote attackers to obtain the server’s full filesystem path. Impact is partial confidentiality exposure (full path disclosure) with...
MAXDEV CMS Multiple vulnerabilities
Full Path disclosure --------------------- This hole is caused by direct access to file includes/legacy.php not protected PoC : http://site.co.id/maxdev/includes/legacy.php Fix : Turn off display error in php.ini can fix this security issue Blind sql inject ----------------- This hole is caused b...
[SA19578] MAXdev MD-Pro "topicid" SQL Injection Vulnerability
TITLE: MAXdev MD-Pro "topicid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA19578 VERIFY ADVISORY: http://secunia.com/advisories/19578/ CRITICAL: Moderately critical IMPACT: Manipulation of data, Exposure of system information WHERE: From remote SOFTWARE: MAXdev MD-Pro 1.x...
MAXDEV CMS 1.0.72/1.0.73 - PNuserapi.php SQL Injection
MAXDEV CMS 1.0.72/1.0.73 - PNuserapi.php SQL Injection source: https://www.securityfocus.com/bid/17399/info MAXDEV CMS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successfu...
MAXDEV CMS 1.0.72/1.0.73 - 'PNuserapi.php' SQL Injection
source: https://www.securityfocus.com/bid/17399/info MAXDEV CMS is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the...
Design/Logic Flaw
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...
CVE-2006-0147
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...