SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field.

Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730.

Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message.

ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true".