gBook 1.4 Administrative Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6033/info A vulnerability has been discovered in gBook v1.4. It has been reported that it is possible for an unauthorized attacker to gain administrative access to gBook by passing a malicious request to a php script...

CVE-2008-6934

Static code injection vulnerability in Sanus|artificium aka Sanusart Free simple guestbook PHP script, when downloaded before 20081111, allows remote attackers to inject arbitrary PHP code into messages.txt via the message parameter to act.php, which is executed when guestbook/guestbook.php is...

Fantastic Guestbook v2.0.1 Advisory

.:. Fantastic Guestbook v2.0.1 Advisory .:. Date of written Advisory: ------------------------- July, 11 2006 Product: -------- Fantastic Guestbook v2.0.1 Vendor: ------- http://fscripts.com/ Description: ------------ Fantastic GuestBook version 2.0.1 is simple GuestBook; where remote user withou...

Jason Maloney's Guestbook XSS Vulnerability.

Introduction Jason Maloney's Guestbook is a simple CGI script which is both an easy to use and easy to setup guestbook script. The script fails to carefully sanitize user input, such as certain dangerous metacharacters, resulting in an XSS vulnerability. The Bug During the user-input parsing...

Lycos HTMLGear - guestGear CSS HTML Injection

source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS Cascading Style-Sheets elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in a guestbook entries, which would be rendere...