CVE-2007-1480 – creative Guestbook 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1480
Creative Guestbook 1.0 allows remote attackers to add an administrative account via a direct request to createadmin.php with Name, Email, and PASSWORD parameters set. Creative Guestbook 1.0 permite a atacantes remotos añadir una cuenta de administración mediante una petición directa de createadmin.php con valor para los parámetros Name, Email, y PASSWORD. • https://www.exploit-db.com/exploits/3489 http://osvdb.org/34234 http://secunia.com/advisories/24536 https://exchange.xforce.ibmcloud.com/vulnerabilities/33014 • CWE-287: Improper Authentication •
CVE-2007-1479 – creative Guestbook 1.0 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1479
Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en Guestbook.php en Creative Guestbook 1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro no especificado. • https://www.exploit-db.com/exploits/3489 http://osvdb.org/34233 http://secunia.com/advisories/24536 https://exchange.xforce.ibmcloud.com/vulnerabilities/33015 •