17 matches found
EUVD-2006-0609
Malware in sbrugna...
phphgGuestbook.txt
SaVSaK.CoM | SpC-x - The-BeKiR | phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities Risk : High Class: Remote Script : phphg Guestbook Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke Code : $phphgrealpath = "./"; include$phphgrealpath...
phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities
SaVSaK.CoM | SpC-x - The-BeKiR | phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities Risk : High Class: Remote Script : phphg Guestbook Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke Code : $phphgrealpath = "./"; include$phphgrealpath...
[eVuln] phphg Guestbook Multiple Vulnerabilities
New eVuln Advisory: phphg Guestbook Multiple Vulnerabilities http://evuln.com/vulns/58/summary.html --------------------Summary---------------- eVuln ID: EV0058 CVE: CVE-2006-0602 CVE-2006-0603 CVE-2006-0604 Vendor: Hinton Design Vendor's Web Site: http://www.hintondesign.org Software: phphg...
EV0058.txt
New eVuln Advisory: phphg Guestbook Multiple Vulnerabilities http://evuln.com/vulns/58/summary.html --------------------Summary---------------- eVuln ID: EV0058 CVE: CVE-2006-0602 CVE-2006-0603 CVE-2006-0604 Vendor: Hinton Design Vendor's Web Site: http://www.hintondesign.org Software: phphg...
Design/Logic Flaw
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...
CVE-2006-0602
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6)...
Cross-site scripting
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter...
CVE-2006-0603
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter...
CVE-2006-0604
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...
SQL injection
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6)...
CVE-2006-0603
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter...
CVE-2006-0603
CVE-2006-0603 affects Hinton Design phphg Guestbook 1.2. Multiple cross-site scripting vulnerabilities exist in signed.php, allowing remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter. Root cause: inputs are not properly sanitized i...
CVE-2006-0602
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to check.php or the id parameter to (2) admin/edit_smilie.php, (3) admin/add_theme.php, (4) admin/ban_ip.php, (5) admin/add_lang.php, or (6)...
CVE-2006-0604
The CVE-2006-0604 issue affects Hinton Design’s phphg Guestbook 1.2. The vulnerability is an authentication bypass in the check.php script where passwords are not checked when identified via cookies, enabling remote attackers to gain unauthorized access. Connected sources confirm a cookie-based b...
CVE-2006-0602
CVE-2006-0602 affects Hinton Design phphg Guestbook 1.2. Multiple SQL injection vulnerabilities exist in check.php (username) and several admin scripts (admin/edit_smilie.php, admin/add_theme.php, admin/ban_ip.php, admin/add_lang.php, admin/edit_filter.php). Root cause: insufficient input sanitiz...
CVE-2006-0604
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...