9 matches found
CVE-2005-2839
MAXdev MD-Pro 1.0.72 is affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script/HTML via parameters in dl-search.php and wl-search.php. The root cause is unsanitized user input enabling script execution in the web context. Affected product/version: MAXdev M...
CVE-2006-5564
CVE-2006-5564 is an XSS vulnerability in MAXdev MD-Pro 1.0.76, exploitable via the op parameter in user.php. The issue allows remote attackers to inject arbitrary web script/HTML. The NVD record lists a base score of 4.3 (Medium) with Network attack vector, no confidentiality impact, partial inte...
CVE-2006-5565
CVE-2006-5565 concerns a CRLF injection vulnerability in MAXdev MD-Pro 1.0.76. The flaw allows remote attackers to inject arbitrary HTTP headers by inserting a CRLF sequence into parameters (name, file, module, func) in index.php and the file parameter in modules.php. The accompanying data notes ...
CVE-2006-1676
MAXdev MDPro MD-Pro
CVE-2005-2887
MAXdev MD-Pro 1.0.73 (and possibly earlier) is vulnerable to information disclosure via direct requests to wiki.php, AutoTheme, Blocks, admin.php, pnadmin.php, or Topics directories, where an error message reveals the path. No remediation details are provided in the supplied documents.
CVE-2006-1677
CVE-2006-1677 affects MAXdev MDPro versions prior to 1.076, including 1.0.72/1.0.73. Root cause is an insecure direct access path to includes/legacy.php that allows remote attackers to obtain the server’s full filesystem path. Impact is partial confidentiality exposure (full path disclosure) with...
CVE-2005-2840
MAXdev MD-Pro is affected (versions 1.0.72 and earlier). The vulnerability impacts one or more modules: Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects. The connected PT-2005-3706 entry states the issue has unknown impact and unknown attack vectors and ...
CVE-2005-2885
The CVE-2005-2885 issue affects MAXdev MD-Pro 1.0.73 (and possibly earlier) where the Downloads page uses an incomplete blacklist for dangerous file extensions, enabling remote attackers to bypass extension checks and execute arbitrary commands by uploading a file with a non-listed extension (dem...
CVE-2006-4964
MAXdev MDPro contains a cross-site scripting (XSS) vulnerability in versions prior to 1.0.76, fixed in a release after 20060918. The issue arises from vectors that bypass the pnVarCleanFromInput XSS protections and from unspecified AntiCracker-related vectors. Affected product/component: MAXdev M...