Saime

#9113de 53,638
30CVSS total
Vulnerabilidades · 4
Alta
4
PT-2009-2555
7.5
2009-08-26
Maian · Maian Greeting · CVE-2008-7086
**Name of the Vulnerable Software and Affected Versions** Maian Greetings version 2.1 **Description** The issue allows remote attackers to bypass authentication and gain administrative privileges. This is achieved by setting the `mecard admin cookie` cookie to `admin`. **Recommendations** For Maian Greetings version 2.1, consider removing or restricting access to the `mecard admin cookie` to prevent unauthorized administrative access until a patch is available.
PT-2008-4222
7.5
2008-06-19
Otomi · Otomigenx · CVE-2008-2782
**Name of the Vulnerable Software and Affected Versions** OtomiGenX version 2.2 **Description** The issue allows remote attackers to include and execute arbitrary local files. This is achieved by exploiting directory traversal vulnerabilities using a .. (dot dot) in the `lang` parameter to specific API endpoints, such as "library rss.php" and "rss.php". **Recommendations** For OtomiGenX version 2.2, consider restricting access to the `lang` parameter in the affected API endpoints "library rss.php" and "rss.php" to minimize the risk of exploitation. Additionally, avoid using the `lang` parameter with unvalidated input until a fix is available.
PT-2008-3920
7.5
2008-05-27
Macguru · Macguru Blog Engine Plugin · CVE-2008-2455
Name of the Vulnerable Software and Affected Versions: MacGuru BLOG Engine plugin version 2.2 for e107 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `rid` parameter in the comment.php file. Recommendations: For MacGuru BLOG Engine plugin version 2.2, avoid using the `rid` parameter in the comment.php file until a fix is available. Consider restricting access to the comment.php file to minimize the risk of exploitation.
PT-2008-3728
7.5
2008-05-14
Vshare · Vshare Youtube Clone · CVE-2008-2223
Name of the Vulnerable Software and Affected Versions: vShare YouTube Clone version 2.6 Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `tid` parameter in the group posts.php file. Recommendations: For version 2.6, consider restricting access to the group posts.php file until a patch is available, and avoid using the `tid` parameter in this context to minimize the risk of exploitation.