15 matches found
EUVD-2006-0609
Malware in sbrugna...
phphgGuestbook.txt
SaVSaK.CoM | SpC-x - The-BeKiR | phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities Risk : High Class: Remote Script : phphg Guestbook Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke Code : $phphgrealpath = "./"; include$phphgrealpath...
phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities
SaVSaK.CoM | SpC-x - The-BeKiR | phphg Guestbook Signed.PHP - Remote File Include Vulnerabilities Risk : High Class: Remote Script : phphg Guestbook Credits : SpC-x Thanks : The-BeKiR - Ejder - FasTBoY - ERNE - RMx - Nukedx - Str0ke Code : $phphgrealpath = "./"; include$phphgrealpath...
EV0058.txt
New eVuln Advisory: phphg Guestbook Multiple Vulnerabilities http://evuln.com/vulns/58/summary.html --------------------Summary---------------- eVuln ID: EV0058 CVE: CVE-2006-0602 CVE-2006-0603 CVE-2006-0604 Vendor: Hinton Design Vendor's Web Site: http://www.hintondesign.org Software: phphg...
CVE-2006-0602
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 username parameter to check.php or the id parameter to 2 admin/editsmilie.php, 3 admin/addtheme.php, 4 admin/banip.php, 5 admin/addlang.php, or 6...
Design/Logic Flaw
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...
CVE-2006-0604
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...
CVE-2006-0603
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 location, 2 website, or 3 message parameter...
Cross site scripting
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 location, 2 website, or 3 message parameter...
Sql injection
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 username parameter to check.php or the id parameter to 2 admin/editsmilie.php, 3 admin/addtheme.php, 4 admin/banip.php, 5 admin/addlang.php, or 6...
CVE-2006-0604
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access...
CVE-2006-0603
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 location, 2 website, or 3 message parameter...
CVE-2006-0602
Multiple SQL injection vulnerabilities in Hinton Design phphg Guestbook 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 username parameter to check.php or the id parameter to 2 admin/editsmilie.php, 3 admin/addtheme.php, 4 admin/banip.php, 5 admin/addlang.php, or 6...
CVE-2006-0603
CVE-2006-0603 affects Hinton Design phphg Guestbook 1.2. multiple cross-site scripting vulnerabilities exist in signed.php, allowing remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter. Root cause: inputs are not properly sanitized i...
CVE-2006-0602
CVE-2006-0602 affects Hinton Design phphg Guestbook 1.2. Multiple SQL injection vulnerabilities exist in check.php (username) and several admin scripts (admin/edit_smilie.php, admin/add_theme.php, admin/ban_ip.php, admin/add_lang.php, admin/edit_filter.php). Root cause: insufficient input sanitiz...