11 matches found
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804. NOTE: this issue has been...
Advanced Guestbook <=- 2.4.2 (include_path) Remote File Include Vulnerability
Advanced Guestbook =- 2.4.2 include_path Remote File Include Vulnerability Script: Advanced Guestbook Version: 2.4.2 URL: http://proxy2.de/js/dl86d7a2.php Found By : BorN To K!LL Bug in : index.php , addentry.php , picture.php code :. require_once $include_path."/admin/config.inc.php"; require_once...
CVE-2006-5508
Multiple SQL injection vulnerabilities in addentry.php in WoltLab Burning Book 1.1.2 allow remote attackers to execute arbitrary SQL commands via (1) the n parameter and (2) the User-Agent HTTP header...
Multiple vulnerabilities in WoltLab Burning Book <=1.1.2
Vendor site: woltlab.de. Vulnerable version: 1.1.2 and possibly earlier. The vulnerability is critical. The engine's addentry.php file contains the code: while(list($key,$val)=each($_POST)) $$key=$val; data passed via the POST method is not validated, which makes it possible to overwrite global...
Remote file inclusion
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter...
CVE-2006-2152
CVE-2006-2152 affects phpBB Advanced Guestbook 2.4.0 and earlier, where admin/addentry.php fails to sanitize input to the phpbb_root_path parameter before using it in PHP include(). This PHP remote file inclusion vulnerability arises when register_globals is enabled, allowing an unauthenticated a...
phpBB Advanced GuestBook addentry.php phpbb_root_path Parameter Remote File Inclusion
The remote host is running Advanced Guestbook, a free guestbook written in PHP. The version of Advanced Guestbook installed on the remote host fails to sanitize input to the 'phpbb_root_path' parameter of the 'admin/addentry.php' script before using it in a PHP 'include' function. Provided PHP's...
Cross site scripting
Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk Guestbook 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the homepage parameter...
CVE-2006-0069
CVE-2006-0069 describes a cross-site scripting (XSS) vulnerability in the addentry.php script of Chipmunk Guestbook 1.4 and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the homepage parameter. The public metrics indicate a moderate impact (CVSS v2: AV:N/AC...
CVE-2005-0284
CVE-2005-0284 describes a SQL injection vulnerability in Woltlab Burning Book 1.0 Gold and 1.1.1e (and possibly other versions) where the addentry.php script mishandles the user-agent parameter, allowing remote attackers to execute arbitrary SQL commands. The provided sources state the affected c...
CVE-2005-0284
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter...