CVE-2007-5189
https://notcve.org/view.php?id=CVE-2007-5189
Multiple SQL injection vulnerabilities in mes_add.php in x-script GuestBook 1.3a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) icq, and (4) website parameters.
• http://securityreason.com/securityalert/3186
• http://www.securityfocus.com/archive/1/481209/100/0/threaded
• http://www.securityfocus.com/bid/25890
• http://www.vupen.com/english/advisories/2007/3347
• https://exchange.xforce.ibmcloud.com/vulnerabilities/36895
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2007-1192 – HyperBook Guestbook 1.3 - GBConfiguration.DAT Hashed Password Information Disclosure
https://notcve.org/view.php?id=CVE-2007-1192
Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.
• https://www.exploit-db.com/exploits/29687
• http://downloads.securityfocus.com/vulnerabilities/exploits/22754.py
• http://osvdb.org/33868
• http://secunia.com/advisories/24392
• http://www.securityfocus.com/bid/22754
CVE-2003-1546
https://notcve.org/view.php?id=CVE-2003-1546
Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section.
• http://archives.neohapsis.com/archives/bugtraq/2003-03/0219.html
• http://secunia.com/advisories/8317
• http://www.securityfocus.com/bid/7104
• http://www.securitytracker.com/id?1006289
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11540
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2003-1348 – FTLS Guestbook 1.1 - Script Injection
https://notcve.org/view.php?id=CVE-2003-1348
Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
• https://www.exploit-db.com/exploits/22202
• http://securityreason.com/securityalert/3227
• http://www.securityfocus.com/archive/1/308312
• http://www.securityfocus.com/bid/6686
• https://exchange.xforce.ibmcloud.com/vulnerabilities/11155
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2003-1534
https://notcve.org/view.php?id=CVE-2003-1534
Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestbook 1.3 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) aim, (4) yim, (5) location, and (6) comment variables.
• http://secunia.com/advisories/8475
• http://securityreason.com/securityalert/3347
• http://www.securityfocus.com/archive/1/316745/30/25280/threaded
• http://www.securityfocus.com/bid/7233
• http://www.securitytracker.com/id?1006412
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')