4 matches found
CVE-2008-2202
Maian Uploader 4.0 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via: (1) the keywords parameter to upload/admin/index.php in a search action, (2) the msg_charset parameter to admin/inc/header.php, (3) ...
CVE-2014-10005
CVE-2014-10005 affects Maian Uploader 4.0. The issue arises when requesting load_flv.js.php without the required height parameter, which may cause an error message that reveals the installation path. This is a potential information disclosure in the affected component (load_flv.js.php). The docum...
CVE-2014-10006
Maian Uploader 4.0 is affected by multiple CSRF vulnerabilities that allow an attacker to hijack user authentication for requests that trigger XSS via the width parameter in uploader/admin/js/load_flv.js.php and uploader/js/load_flv.js.php. The CVE description indicates these are CSRF issues lead...
CVE-2014-10004
Maian Uploader 4.0 is affected by a SQL injection in admin/data_files/move.php via the id parameter, enabling remote attackers to execute arbitrary SQL commands. No exploit specifics or mitigation details are provided in the connected documents; implications are partial confidentiality/integrity ...