38 matches found
EUVD-2007-0204
Malware in sbrugna...
EUVD-2008-7099
Malware in sbrugna...
EUVD-2006-6262
Malware in sbrugna...
EUVD-2006-6261
Malware in sbrugna...
EUVD-2004-1548
Malware in sbrugna...
@lex Guestbook 5.0 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37706/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in t...
@lex Guestbook <= 4.0.5 - setup.php language_setup Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
@lex Guestbook <= 4.0.2 - Remote Command Execution Exploit
No description provided by source. !/usr/bin/php ?php // | | header @lex Guestbook = 4.0.2 Remote Command Execution Exploit | header ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor |...
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/37706/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to...
@lex Guestbook 5.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/37706/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...
@lex Guestbook Cross Site Scripting
============================================================================== / \ | | | | / \ | | | | / \ | | | | / \ | || | / \ | | | | / \ | | // \ || || // \ || || ============================================================================== » Note : Forever RevengeHack.Com-Ar-Ge.Org Acildi...
CVE-2008-7140
Multiple cross-site scripting XSS vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 languagesetup parameter to setup.php or 2 test parameter to index.php. NOTE: the provenance of this information is unknown; the details are...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 languagesetup parameter to setup.php or 2 test parameter to index.php. NOTE: the provenance of this information is unknown; the details are...
CVE-2008-7140
CVE-2008-7140 involves multiple XSS vulnerabilities in the @lex Guestbook package (version 4.0.5 and earlier). The flaws allow remote attackers to inject arbitrary web script or HTML by supplying (1) the language_setup parameter to setup.php or (2) the test parameter to index.php. The posted data...
@lex Guestbook 4.0.5 - 'setup.php?language_setup' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
@lex Guestbook 4.0.5 - 'index.php?test' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
Directory traversal
Directory traversal vulnerability in admin/skins.php for @lex Guestbook 4.0.2 and earlier allows remote attackers to create files in arbitrary directories via ".." sequences in the 1 ajskin and 2 skinedit parameters. NOTE: this can be leveraged for file inclusion by creating a skin file in the la...
CVE-2007-0205
CVE-2007-0205 is a directory traversal vulnerability in the admin/skins.php module of @lex Guestbook 4.0.2 and earlier. Attackers can create files in arbitrary directories by supplying . . sequences in the aj_skin and skin_edit parameters, which can enable file inclusion by placing a skin file in...
CVE-2007-0202
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter...
CVE-2007-0202
CVE-2007-0202 describes a SQL injection in the Web Guestbook app. Affected software: @lex Guestbook 4.0.2 and earlier, specifically via the index.php handler. Root cause: when magic_quotes_gpc is disabled, the parameter lang is unsafely used in a SQL query, enabling an attacker to inject arbitrar...