13 matches found
EUVD-2007-1617
Malware in sbrugna...
EUVD-2007-1618
Malware in sbrugna...
EUVD-2007-1619
Malware in sbrugna...
Sql injection
Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the 1 name, 2 email, 3 homepage, and 4 text parameters to saveentry.php, as reachable through addentry.php; and possibly other unspecified parameters and files. NOTE: the...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in realGuestbook 5.01, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 bgcolor1, 2 fsmenu, 3 fcmenu, 4 ffmenu, 5 bgcolor2, 6 fsnormal, 7 fcnormal, and 8 ffnormal parameters to...
CVE-2007-1623
Multiple cross-site scripting XSS vulnerabilities in realGuestbook 5.01, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 bgcolor1, 2 fsmenu, 3 fcmenu, 4 ffmenu, 5 bgcolor2, 6 fsnormal, 7 fcnormal, and 8 ffnormal parameters to...
CVE-2007-1624
Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the 1 name, 2 email, 3 homepage, and 4 text parameters to saveentry.php, as reachable through addentry.php; and possibly other unspecified parameters and files. NOTE: the...
CVE-2007-1624
Multiple SQL injection vulnerabilities affect realGuestbook 5.01, allowing remote attackers to inject arbitrary SQL via (1) name, (2) email, (3) homepage, and (4) text parameters to save_entry.php reachable through add_entry.php (and possibly other unspecified parameters/files). This CVE entry do...
CVE-2007-1625
CVE-2007-1625 describes a cross-site scripting (XSS) vulnerability in realGuestbook 5.01. The flaw resides in the save_entry.php routine, where the homepage parameter can be used by remote attackers to inject arbitrary script or HTML. The vulnerability is reachable via add_entry.php, though the o...
CVE-2007-1623
CVE-2007-1623 describes multiple XSS vulnerabilities in realGuestbook 5.01 that occur when PHP’s register_globals is enabled. Attackers can inject arbitrary script or HTML through the following parameters to welcome_admin.php: bg_color_1, fs_menu, fc_menu, ff_menu, bg_color_2, fs_normal, fc_norma...
CVE-2007-1624
Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow remote attackers to execute arbitrary SQL commands via the 1 name, 2 email, 3 homepage, and 4 text parameters to saveentry.php, as reachable through addentry.php; and possibly other unspecified parameters and files. NOTE: the...
CVE-2007-1623
Multiple cross-site scripting XSS vulnerabilities in realGuestbook 5.01, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 bgcolor1, 2 fsmenu, 3 fcmenu, 4 ffmenu, 5 bgcolor2, 6 fsnormal, 7 fcnormal, and 8 ffnormal parameters to...
CVE-2007-1625
Cross-site scripting XSS vulnerability in saveentry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through addentry.php. NOTE: the original report stated that the vulnerability was in addentry.php, which does not...