15 matches found
EUVD-2006-0609
Malware in sbrugna...
phphgGuestbook.txt
SaVSaK.CoM | SpC-x - The-BeKiR | phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities Risk : High Class: Remote Script : phphg Guestbook Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke Code : $phphgrealpath = "./"; include$phphgrealpath...
phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities
SaVSaK.CoM | SpC-x - The-BeKiR | phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities Risk : High Class: Remote Script : phphg Guestbook Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke Code : $phphgrealpath = "./"; include$phphgrealpath...
EV0058.txt
New eVuln Advisory: phphg Guestbook Multiple Vulnerabilities http://evuln.com/vulns/58/summary.html --------------------Summary---------------- eVuln ID: EV0058 CVE: CVE-2006-0602 CVE-2006-0603 CVE-2006-0604 Vendor: Hinton Design Vendor's Web Site: http://www.hintondesign.org Software: phphg...
CVE-2006-0602
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 username parameter to check.php or the id parameter to 2 admin/editsmilie.php, 3 admin/addtheme.php, 4 admin/banip.php, 5 admin/addlang.php, or 6...
Design/Logic Flaw
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...
CVE-2006-0604
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...
Cross site scripting
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 location, 2 website, or 3 message parameter...
Sql injection
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 username parameter to check.php or the id parameter to 2 admin/editsmilie.php, 3 admin/addtheme.php, 4 admin/banip.php, 5 admin/addlang.php, or 6...
CVE-2006-0603
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 location, 2 website, or 3 message parameter...
CVE-2006-0603
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 location, 2 website, or 3 message parameter...
CVE-2006-0603
CVE-2006-0603 affects Hinton Design phphg Guestbook 1.2. multiple cross-site scripting vulnerabilities exist in signed.php, allowing remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter. Root cause: inputs are not properly sanitized i...
CVE-2006-0604
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...
CVE-2006-0602
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 username parameter to check.php or the id parameter to 2 admin/editsmilie.php, 3 admin/addtheme.php, 4 admin/banip.php, 5 admin/addlang.php, or 6...
CVE-2006-0602
CVE-2006-0602 affects Hinton Design phphg Guestbook 1.2. Multiple SQL injection vulnerabilities exist in check.php (username) and several admin scripts (admin/edit_smilie.php, admin/add_theme.php, admin/ban_ip.php, admin/add_lang.php, admin/edit_filter.php). Root cause: insufficient input sanitiz...