Vulnerabilities > Maxdev > MD PRO > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-27 | CVE-2006-5565 | HTTP Response Splitting vulnerability in MAXdev MD-Pro CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary HTTP headers via a CRLF sequence in the (1) name, (2) file, (3) module, and (4) func parameters in (a) index.php; and the (5) file parameter in (b) modules.php. | 5.0 |
| 2006-10-27 | CVE-2006-5564 | Cross-Site Scripting vulnerability in MAXdev MD-Pro User.PHP Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. network maxdev | 4.3 |
| 2005-09-14 | CVE-2005-2887 | Information Disclosure vulnerability in Maxdev Md-Pro 1.0.73 MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message. | 5.0 |
| 2005-09-14 | CVE-2005-2886 | Cross-Site Scripting vulnerability in MAXdev MD-Pro Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php. network maxdev | 4.3 |
| 2005-09-07 | CVE-2005-2839 | Cross-Site Scripting vulnerability in Maxdev Md-Pro 1.0.72 Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php. network maxdev | 4.3 |