13 matches found
EUVD-2006-0865
Malware in sbrugna...
EUVD-2006-0866
Malware in sbrugna...
guestbook06.txt
author.: l0om - www.excluded.org product: guestbox latest non-BETA 0.6 page: http://spring.realone.ch dork: "Login - Guestbox 0.6" inurl:guestbox.php someone asked me to check the guestbook named "guestbox" and that's the advisory based on my checks. 1.0 everyone can set admin comments to all...
Design/Logic Flaw
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog...
Design/Logic Flaw
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string, which bypasses a regular expression check, and (2) other unspecified attack...
CVE-2006-0861
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog...
CVE-2006-0859
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
CVE-2006-0861
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog...
CVE-2006-0861
The CVE-2006-0861 entry concerns Michael Salzer Guestbox 0.6, and other versions before 0.8, where a direct request to /gb/gblog can disclose the source IP addresses of guestbook entries. The NVD summary notes a network-accessible issue with low attack complexity and no authentication, yielding partial con...
CVE-2006-0859
CVE-2006-0859 affects Michael Salzer Guestbox 0.6 and other versions before 0.8. It describes a vulnerability where remote attackers can post an admin comment to a guestbook entry via a modified form, possibly related to the nummer parameter. The connected sources corroborate the...
CVE-2006-0860
CVE-2006-0860 affects Michael Salzer Guestbox 0.6 and other versions before 0.8, where multiple XSS vulnerabilities exist. The underlying issue is that HTML tags following a "http://" string bypass a regex check, enabling remote injection of script/HTML; other attack vectors are also noted. No pu...
[SA18946] Guestbox Two Vulnerabilities and One Security Issue
TITLE: Guestbox Two Vulnerabilities and One Security Issue SECUNIA ADVISORY ID: SA18946 VERIFY ADVISORY: http://secunia.com/advisories/18946/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information WHERE: From remote SOFTWARE: Guestbox 0.x...