13 matches found
EUVD-2006-0866
Malware in sbrugna...
EUVD-2006-0865
Malware in sbrugna...
guestbook06.txt
author.: l0om - www.excluded.org product: guestbox latest non-BETA 0.6 page: http://spring.realone.ch dork: "Login - Guestbox 0.6" inurl:guestbox.php someone asked me to check the guestbook named "guestbox" and thats the advisory based on my checks. 1.0 everyone can set admin comments to all...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags that follow a "http://" string, which bypasses a regular expression check, and 2 other unspecified attack...
CVE-2006-0861
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog...
Design/Logic Flaw
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
CVE-2006-0859
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter...
Design/Logic Flaw
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog...
CVE-2006-0861
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog...
CVE-2006-0860
CVE-2006-0860 affects Michael Salzer Guestbox 0.6 and other versions before 0.8, where multiple XSS vulnerabilities exist. The underlying issue is that HTML tags following a "http://" string bypass a regex check, enabling remote injection of script/HTML; other attack vectors are also noted. No pu...
CVE-2006-0859
CVE-2006-0859 affects Michael Salzer Guestbox 0.6 and earlier versions up to 0.7/0.8 pre-release? It describes a vulnerability where remote attackers can post an admin comment to a guestbook entry via a modified form, possibly related to the nummer parameter. The connected sources corroborate the...
CVE-2006-0861
The CVE-2006-0861 entry concerns Michael Salzer Guestbox 0.6 and earlier than 0.8, where a direct request to /gb/gblog can disclose the source IP addresses of guestbook entries. The NVD summary notes a network-accessible issue with low attack complexity and no authentication, yielding partial con...
[SA18946] Guestbox Two Vulnerabilities and One Security Issue
TITLE: Guestbox Two Vulnerabilities and One Security Issue SECUNIA ADVISORY ID: SA18946 VERIFY ADVISORY: http://secunia.com/advisories/18946/ CRITICAL: Moderately critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of sensitive information WHERE: From remote SOFTWARE: Guestbox 0.x...