
CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 2

admin/index.php in Maian Guestbook 3.2 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary gbook_cookie cookie.
• https://www.exploit-db.com/exploits/6061
• http://secunia.com/advisories/31070
• http://www.maianscriptworld.co.uk/free-php-scripts/maian-guestbook/development/index.html
• http://www.securityfocus.com/bid/30203
• CWE-287: Improper Authentication

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.
• http://securityreason.com/securityalert/3186
• http://www.securityfocus.com/archive/1/481209/100/0/threaded
• http://www.securityfocus.com/bid/25890
• http://www.vupen.com/english/advisories/2007/3347
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36895
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.0 | EPSS: 2% | CPEs: 1 | EXPL: 3

Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
• https://www.exploit-db.com/exploits/29687
• http://downloads.securityfocus.com/vulnerabilities/exploits/22754.py
• http://osvdb.org/33868
• http://secunia.com/advisories/24392
• http://www.securityfocus.com/bid/22754

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section.
• http://archives.neohapsis.com/archives/bugtraq/2003-03/0219.html
• http://secunia.com/advisories/8317
• http://www.securityfocus.com/bid/7104
• http://www.securitytracker.com/id?1006289
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11540
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 4.3 | EPSS: 0% | CPEs: 1 | EXPL: 3

Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
• https://www.exploit-db.com/exploits/22202
• http://securityreason.com/securityalert/3227
• http://www.securityfocus.com/archive/1/308312
• http://www.securityfocus.com/bid/6686
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11155
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')