4 matches found
CVE-2012-5296
Multiple cross-site scripting XSS vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to 1 approve.asp, 2 delete.asp, 3 edit.asp, or 4 edit2.asp...
CVE-2012-5296
Multiple cross-site scripting XSS vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to 1 approve.asp, 2 delete.asp, 3 edit.asp, or 4 edit2.asp...
CVE-2012-5297
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter...
Information disclosure
The modules/mdop.m in the Cypress 1.0k script for BitchX, as downloaded from a distribution site in November 2007, contains an externally introduced backdoor that e-mails sensitive information hostnames, usernames, and shell history to a fixed address...