NotCVE - vendor:"Shiromuku" product:"Guestbook" version:" <= 1.61"

Page 2 of 11 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2007-5189

https://notcve.org/view.php?id=CVE-2007-5189

Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters. Múltiples vulnerabilidades de inyección SQL en mes_add.php de x-script GuestBook 1.3a, cuando magic_quotes_gpc está desactivado, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) name, (2) email, (3) icq, y (4) website. • http://securityreason.com/securityalert/3186 http://www.securityfocus.com/archive/1/481209/100/0/threaded http://www.securityfocus.com/bid/25890 http://www.vupen.com/english/advisories/2007/3347 https://exchange.xforce.ibmcloud.com/vulnerabilities/36895 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 2%CPEs: 1EXPL: 3

CVE-2007-1192 – HyperBook Guestbook 1.3 - GBConfiguration.DAT Hashed Password Information Disclosure

https://notcve.org/view.php?id=CVE-2007-1192

Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat. Thomas R. Pasawicz HyperBook Guestbook 1.30 almancena información sensible bajo la raiz web con insuficientes controles de acceso, lo cual permite a atacantes remotos descargar una contraseña hash de admin a través de una respuesta directa a data/gbconfiguration.dat. • https://www.exploit-db.com/exploits/29687 http://downloads.securityfocus.com/vulnerabilities/exploits/22754.py http://osvdb.org/33868 http://secunia.com/advisories/24392 http://www.securityfocus.com/bid/22754 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1

CVE-2003-1534

https://notcve.org/view.php?id=CVE-2003-1534

Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables. • http://secunia.com/advisories/8475 http://securityreason.com/securityalert/3347 http://www.securityfocus.com/archive/1/316745/30/25280/threaded http://www.securityfocus.com/bid/7233 http://www.securitytracker.com/id?1006412 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

CVE-2003-1546

https://notcve.org/view.php?id=CVE-2003-1546

Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section. • http://archives.neohapsis.com/archives/bugtraq/2003-03/0219.html http://secunia.com/advisories/8317 http://www.securityfocus.com/bid/7104 http://www.securitytracker.com/id?1006289 https://exchange.xforce.ibmcloud.com/vulnerabilities/11540 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 4

CVE-2003-1535 – Justice Guestbook 1.3 - Full Path Disclosure

https://notcve.org/view.php?id=CVE-2003-1535

Justice Guestbook 1.3 allows remote attackers to obtain the full installation path via a direct request to cfooter.php3, which leaks the path in an error message. • https://www.exploit-db.com/exploits/22444 http://secunia.com/advisories/8475 http://securityreason.com/securityalert/3347 http://www.securityfocus.com/archive/1/316745/30/25280/threaded http://www.securityfocus.com/bid/7234 http://www.securitytracker.com/id?1006412 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

1 2 3