2 matches found
CVE-2006-2837
CVE-2006-2837 describes a cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book. The flaw allows remote attackers to inject arbitrary web script or HTML through certain comment fields on the Sign Our GuestBook page, most likely the x_Comments parameter to guestbookadd.asp. The conn...
CVE-2005-3384
The CVE-2005-3384 entry describes an SQL injection vulnerability in Techno Dreams Guest Book script. The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. Documented impact indicates unauthenticated access with p...