3 matches found
CVE-2006-2837
CVE-2006-2837 describes a cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book. The flaw allows remote attackers to inject arbitrary web script or HTML through certain comment fields on the Sign Our GuestBook page, most likely the x_Comments parameter to guestbookadd.asp. The conn...
CVE-2006-5640
CVE-2006-5640 describes a SQL injection in Techno Dreams Guest Book 1.0 sourced from guestbookview.asp, exploitable via the key parameter. The affected software is Techno Dreams Guest Book 1.0 (earlier versions unspecified beyond this). The form input (key) is used in SQL queries without proper s...
CVE-2005-3384
The CVE-2005-3384 entry describes an SQL injection vulnerability in Techno Dreams Guest Book script. The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. Documented impact indicates unauthenticated access with p...