CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

securityvulns•added 2005/07/05 12:0 a.m.•25 views

a new sql injection for aspjar guestbook

0.7AI score

CVE•added 2005/06/21 4:0 a.m.•42 views

CVE-2002-1729

CVE-2002-1729 describes a cross-site scripting (XSS) vulnerability in ASPjar Guestbook 1.00. The flaw occurs in the guestbook message handling when the user-supplied parameter (the "web site" field) is not properly sanitized, allowing remote attackers to execute arbitrary script as other users. D...

6.8CVSS6.8AI score0.01009EPSS

CVE•added 2005/06/21 4:0 a.m.•42 views

CVE-2002-1730

CVE-2002-1730 affects ASPjar Guestbook 1.00, where remote attackers can delete arbitrary messages by accessing the delete.asp administrative script with certain cookie values set to "true". The vulnerability is documented in the CVE entry and is referenced by NVD entries and CVE lists. The core i...

5CVSS7.2AI score0.00392EPSS

Cvelist•added 2005/06/21 4:0 a.m.•12 views

CVE-2002-1730

ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary messages accessing the delete.asp administrative script with certain cookie values set to "true"...

6.7AI score0.00392EPSS

Cvelist•added 2005/06/21 4:0 a.m.•13 views

CVE-2002-1729

Cross-site scripting vulnerability XSS in ASPjar Guestbook 1.00 allows remote attackers to execute arbitrary script as other users via the "web site" parameter in a guestbook message...

6.5AI score0.01009EPSS

NVD•added 2005/04/27 4:0 a.m.•13 views

CVE-2005-0423

SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field...

5CVSS8.5AI score0.00364EPSS

NVD•added 2005/04/27 4:0 a.m.•9 views

CVE-2005-0424

Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730...

5CVSS6.3AI score0.00425EPSS

Packet Storm•added 2005/03/22 12:0 a.m.•26 views

aspjarXSS.txt

A XSS vulnerability exist in the ASPjar Tell-a-Friend. Code: "XSS!-- You can put the code in "Your Name Text". But this company is no longer exist and the software is no longer being updated...

7.4AI score

securityvulns•added 2005/03/17 12:0 a.m.•29 views

ASPjar Tell-a-Friend

A XSS vulnerability exist in the ASPjar Tell-a-Friend. Code: "pbrpbrfont size=44XSS!-- You can put the code in "Your Name Text". But this company is no longer exist and the software is no longer being updated...

1.4AI score

Cvelist•added 2005/02/15 5:0 a.m.•12 views

CVE-2005-0424

6.3AI score0.00425EPSS

Cvelist•added 2005/02/15 5:0 a.m.•16 views

CVE-2005-0423

SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field...

8.5AI score0.00364EPSS

CVE•added 2005/02/15 5:0 a.m.•44 views

CVE-2005-0424

Affected software: ASPjar Guestbook 1.00. The CVE-2005-0424 entry maps to CVE-2002-1730 and describes a vulnerability in delete.asp that enables remote attackers to delete arbitrary messages by crafting specific cookie values. Root cause: improper handling of the delete.asp administrative script ...

5CVSS6.4AI score0.00425EPSS

CVE•added 2005/02/15 5:0 a.m.•54 views

CVE-2005-0423

ASPjar Guestbook is affected by a SQL injection in login.asp that allows remote attackers to execute arbitrary SQL commands via the password field. The vulnerability is documented in multiple sources (e.g., NVD and OpenVAS entries) with the same basic vector (unvalidated input in login form). The...

5CVSS8.5AI score0.00364EPSS

securityvulns•added 2005/02/12 12:0 a.m.•33 views

ASPjar guestbook (Injection in login page)

Go to /admin/login.asp and type in password field: ' or ''=' Also in some version of ASPjar , Attackers can delete messages . Go to /admin/delete.asp...

3.8AI score