43 matches found
CVE-2007-4290
Multiple PHP remote file inclusion vulnerabilities in Guestbook Script 1.9 allow remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to (1) delete.php, (2) edit.php, or (3) inc/common.inc.php; or (4) database.php, (5) entries.php, (6) index.php, (7) logout.php, or (8) settings.ph...
CVE-2007-4290
CVE-2007-4290 concerns Guestbook Script 1.9, where multiple PHP remote file inclusion vulnerabilities allow an attacker to execute arbitrary PHP code via a URL in the script_root parameter to files in the admin/ area (delete.php, edit.php, inc/common.inc.php) and in (database.php, entries.php, in...
PT-2007-5481 · Unknown · X-Script Guestbook
Name of the Vulnerable Software and Affected Versions: Guestbook Script version 1.9 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the script_root parameter to various PHP files, including 'delete.php', 'edit.php', 'inc/common.inc.php', 'database.php',...
Guestbook Script 1.9 RFI
Guestbook Script 1.9 Remote File Include Dork:"Guestbook Script 1.9" Vuln Code: /admin/database.php /admin/entries.php /admin/index.php /admin/logout.php /admin/settings.php /delete.php /edit.php /inc/common.inc.php Exploit: www.server.com/path/file.php?scriptroot=Sh3ll =====================...
ziyar-xss.txt
Ziyaretçi Defteri v1.0 XSS Vulnerability Software: Ziyaretçi Defteri v1.0 download: http://www.aspindir.com/goster/5059 demo: http://russian.buyuksari.com/ Found By: GeFORC3 G3 Exploit: 1-http://www.example.com/scriptpath/main.asp İsim : alert"G3"; E-mail : [email protected] Mesaj : alert"G3";...
PT-2007-4163 · Simpgb · Simpgb
Name of the Vulnerable Software and Affected Versions: SimpGB version 1.46.0 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the path_simpgb parameter to various PHP scripts, including "guestbook.php", "search.php", "mailer.php", "avatars.php", "ccode.php...
Crea-Book <= 1.0 Admin Access Bypass / DB Disclosure / Code Execution
/======================================= | Advisory :: Crea-Book = 1.0 | +=======================================+--------------------------------------------------------------- | | | Download link : http://www.comscripts.com/scripts/php.creabook.1359.html | | Type : Guestbook | | Vuln. found :...
CVE-2006-2231
Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi...
Remote file inclusion
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remo...
CVE-2006-2158
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remo...
CVE-2006-2158
CVE-2006-2158 affects Stadtaus Gaestebuch-Script (Guestbook Script) in versions 1.7 and earlier. The issue is a dynamic variable evaluation vulnerability in index.php where, if PHP register_globals is enabled, input to the include_files array is evaluated as PHP variable variables. This can allow...
GuestBook Script <= 1.7 (include_files) Remote Code Execution Exploit
Exploit for unknown platform in category web applications ===================================================================== GuestBook Script ' . $txt'txtfilenotfound' . ': ' . $val . ''; $tpl-register'guest', $key; ... here is includecontent function: function includecontent$path if isfile$pa...
Guestbook Script 1.7 - 'include_files' Remote Code Execution
!/usr/bin/perl use IO::Socket; print "guestbook script ' . $txt'txtfilenotfound' . ': ' . $val . ''; $tpl-register'guest', $key; ... here is includecontent function: function includecontent$path if isfile$path obstart; include$path; $content = obgetcontents; obendclean; if isset$content return...
guestbook.pl
The SPDX-FileCopyrightText: 1999 Mathieu Perrin Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10099";...
BlackBook - Multiple Vunerabilities
------------------------------------------------------------------ - EXPL-A-2003-015 exploitlabs.com Advisory 015 ------------------------------------------------------------------ -= BlackBook =- Donnie Werner July 11, 2003 Vunerabilitys: ---------------- 1. XSS executes JS in PHP remotely 2...
[Full-Disclosure] BlackBook - Multiple Vunerabilities
------------------------------------------------------------------ - EXPL-A-2003-015 exploitlabs.com Advisory 015 ------------------------------------------------------------------ -= BlackBook =- Donnie Werner July 11, 2003 Vunerabilitys: ---------------- 1. XSS executes JS in PHP remotely 2...
Guestbook v1.1.3 CSS Vuln
Project: Filebased guestbook. Author: Copyright c Urs [email protected] Version: 1.1.3 Update: 17-09-2002 Homepage: http://www.circle.ch/scripts/ This PHP guest book script is vulnerable to hostile cross scripting in the 'comment' section of guest book posts. Comments span across multiple pages, with...
CVE-2001-0099
bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address...