Show filters
35 Total Results
Displaying 1-10 of 35
Sort by:
Attacker Value
Unknown

CVE-2023-22985

Disclosure Date: April 06, 2023 (last updated October 08, 2023)
Sourcecodester Simple Guestbook Management System version 1 is vulnerable to Cross Site Scripting (XSS) via Name, Referrer, Location, and Comments.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2010-4865

Disclosure Date: October 05, 2011 (last updated October 04, 2023)
SQL injection vulnerability in the JE Guestbook (com_jeguestbook) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the d_itemid parameter in an item_detail action to index.php.
0
0
Attacker Value
Unknown

CVE-2010-4358

Disclosure Date: December 01, 2010 (last updated October 04, 2023)
Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in MRCGIGUY (MCG) Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) website, and (4) message parameters.
0
0
Attacker Value
Unknown

CVE-2009-4760

Disclosure Date: March 29, 2010 (last updated October 04, 2023)
Winn ASP Guestbook 1.01 Beta stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/guestbook.mdb.
0
0
Attacker Value
Unknown

CVE-2010-0978

Disclosure Date: March 16, 2010 (last updated October 04, 2023)
KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/db.mdb.
0
0
Attacker Value
Unknown

CVE-2010-0940

Disclosure Date: March 08, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
0
0
Attacker Value
Unknown

CVE-2008-7007

Disclosure Date: August 19, 2009 (last updated October 04, 2023)
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.
0
0
Attacker Value
Unknown

CVE-2008-7006

Disclosure Date: August 19, 2009 (last updated October 04, 2023)
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
0
0
Attacker Value
Unknown

CVE-2009-0424

Disclosure Date: February 05, 2009 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are obtained from third party information.
0
0
Attacker Value
Unknown

CVE-2007-2093

Disclosure Date: April 18, 2007 (last updated October 04, 2023)
Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.
0
0
View More Topics  Next >