EUVD-2006-4031

Malware in sbrugna...

EUVD-2006-4032

Malware in sbrugna...

CVE-2006-4039

Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 gastname, 2 gastwohnort, or 3 gasteintrag parameters...

CVE-2006-4038

Multiple cross-site scripting XSS vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 gastname or 2 gastwohnort parameters...

CVE-2006-4039

CVE-2006-4039 affects GaesteChaos 0.2 and earlier. The vulnerability is in the file eintragen.php , where SQL injection is possible via the parameters gastname , gastwohnort , or gasteintrag , allowing remote attackers to execute arbitrary SQL commands. The published data cite CVSS v2 base score ...

CVE-2006-4038

The CVE-2006-4038 entry applies to GaesteChaos before and including 0.2, where the web application eintragen.php is vulnerable to cross-site scripting. The underlying issue is input handling for the gastname and gastwohnort parameters, which can be crafted to inject arbitrary web script/HTML. The...

CVE-2006-4039

Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 gastname, 2 gastwohnort, or 3 gasteintrag parameters...

CVE-2006-4038

Multiple cross-site scripting XSS vulnerabilities in eintragen.php in GaesteChaos 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 gastname or 2 gastwohnort parameters...

[Full-disclosure] GaesteChaos <= 0.2 Multiple Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: GaesteChaos = 0.2 Multiple Vulnerabilities Release Date: 2006/08/04 Last Modified: 2006/08/03 Author: Tamriel tamriel at gmx dot net Application: GaesteChaos = 0.2 Risk: Moderate Vendor Status: not contacted Vendor Site: www.chaossoft.de...