101 matches found
CVE-2007-0202
SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lang parameter...
CVE-2007-0202
CVE-2007-0202 describes a SQL injection in the Web Guestbook app. Affected software: @lex Guestbook 4.0.2 and earlier, specifically via the index.php handler. Root cause: when magic_quotes_gpc is disabled, the parameter lang is unsafely used in a SQL query, enabling an attacker to inject arbitrar...
@lex Guestbook 4.0.2 - Remote Command Execution
@lex Guestbook 4.0.2 - Remote Command Execution #!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status...
@lex Guestbook <= 4.0.2 Remote Command Execution Exploit
Exploit for unknown platform in category web applications ======================================================== @lex Guestbook @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit...
@lex Guestbook 4.0.2 - Remote Command Execution
#!/usr/bin/php @lex Guestbook ======================================================== | status Retrieving the administrator password | sploit AdminUsername::root | sploit AdminPassword::toor | status Trying to get logged in | sploit Done | status Trying to add a skin | sploit Done | status Writin...
alexguestbook.txt
@lex Guestbook 4.0.1 -------------------- Vendor site: http://www.alexphpteam.com/ Product: @lex Guestbook 4.0.1 Vulnerability: Full Path Disclosure & XSS Credits: MrKaLiMaN Reported to Vendor: 24.11.06 Public disclosure: 30.11.06 Description: ------------ Full Path Disclosure:...
CVE-2006-6278
Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter...
CVE-2006-6278
CVE-2006-6278 is a cross-site scripting (XSS) vulnerability in the index.php of @lex Guestbook 4.0.1, exploitable via the skin parameter to inject arbitrary web script or HTML. Affected software: @lex Guestbook 4.0.1 (index.php). The documents confirm the vulnerability and payload type but do no...
CVE-2006-6279
index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message...
CVE-2006-6279
Vulnerability CVE-2006-6279 affects @lex Guestbook 4.0.1. The issue occurs in index.php where a skin parameter referencing a nonexistent skin causes an error message that reveals the installation path, enabling information disclosure to remote attackers. The NVD entry lists this as a medium-sever...
@lex Guestbook 4.0.1 : Full Path Disclosure & XSS
@lex Guestbook 4.0.1 -------------------- Vendor site: http://www.alexphpteam.com/ Product: @lex Guestbook 4.0.1 Vulnerability: Full Path Disclosure & XSS Credits: MrKaLiMaN Reported to Vendor: 24.11.06 Public disclosure: 30.11.06 Description: ------------ Full Path Disclosure:...
guestbookInject.txt
------------------------------------------------------ Nightmare TeAmZ Advisory 010 ------------------------------------------------------ Date - 10/2005 @lex Guestbook 3.3 XSS & CRLF injection AFFECTED PRODUCTS ================= @lex Guestbook http://www.alexphpteam.com OVERVIEW ======== Nice...
CVE-2004-1554
The CVE-2004-1554 entry concerns @lex Guestbook (PHP) with a remote file inclusion vulnerability in livre_include.php where the chem_absolu parameter can be manipulated to reference a remote URL containing PHP code. This allows an attacker to remotely include and execute arbitrary PHP code on the...
CVE-2004-1554
PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code...
@lex Guestbook livre_include.php chem_absolu Parameter Remote File Inclusion
The remote host seems to be running @lex guestbook, a guestbook web application written in PHP. The reported version may permit remote attackers, without prior authentication, to include and execute malicious PHP scripts. By modifying the 'chem_absolu' parameter of the 'livre_include.php' script, i...