Max's Guestbook Security Vulnerabilities

Design/Logic Flaw

Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3)...

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4)...

Improper access control

Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct...

CVE-2012-5297

SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id...

CVE-2012-5296

Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4)...

CVE-2012-5298

Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct...

CVE-2012-5299

Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3)...

Modoer. system of injection of several versions through the kill-vulnerability warning-the black bar safety net

Not to force the injection, to engage a station dig of, search it's a large station with this little impact on the issue to share learning, nonsense not say more, see our pork point~~~~~ First\core\modules\item\ajax. php start calling~ $do = trim($_GET['do']); $op = trim($_GET['op']); // allows...

CVE-2012-5103

Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message...

CVE-2012-5103

Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message...

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message...

CVE-2012-5103

Multiple cross-site scripting (XSS) vulnerabilities in action/add-submit.php in Ggb Guestbook 0.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) message...

Admidio 2.3.5 Multiple security vulnerabilities

Advisory: Admidio 2.3.5 Multiple security vulnerabilities Advisory ID: SSCHADV2012-019 Author: Stefan Schurtz Affected Software: Successfully tested on Admidio 2.3.5 Vendor URL: http://www.admidio.org/ Vendor Status: fixed ========================== Vulnerability...

Unfixed XSS vulnerability at www.hotel-pension-theresia.at

Security researcher Cr4t3r, has submitted on 09/02/2012 a cross-site-scripting (XSS) vulnerability affecting www.hotel-pension-theresia.at, which at the time of submission ranked 9021362 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

Admidio 2.3.5 Multiple security vulnerabilities

Exploit for php platform in category web...

Admidio 2.3.5 - Multiple Vulnerabilities

Admidio 2.3.5 - Multiple...

Admidio 2.3.5 - Multiple Vulnerabilities

...

Admidio 2.3.5 Cross Site Scripting / SQL Injection

...

[CVE-2012-3873] Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities

Title###: Openconstructor CMS 3.12.0 'id' parameter multiple SQL injection vulnerabilities Affected Software###: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list http://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 Description###:...

Openconstructor CMS 3.12.0 - id Multiple SQL Injections

Openconstructor CMS 3.12.0 - id Multiple SQL...

Openconstructor CMS 3.12.0 \'id\' Parameter Multiple SQL Injection

Exploit for php platform in category web...

Openconstructor CMS 3.12.0 - 'id' Multiple SQL Injections

...

Openconstructor CMS 3.12.0 SQL Injection

...

Its great foreign trade enterprise website management system multi-Agency high-risk vulnerabilities-vulnerability warning-the black bar safety net

Author: invincible gold record administration Affected versions: its great foreign trade enterprise website management system Studio edition v2. 7beat Download: http://down.chinaz.com/soft/30850.htm ① The guestbook to any user database plug horse Vulnerability files/cn/guestbook. asp Because...

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks,...

MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities

Advisory: MGB OpenSource Guestbook 0.6.9.1 Multiple security vulnerabilities Advisory ID: SSCHADV2012-017 Author: Stefan Schurtz Affected Software: Successfully tested on MGB OpenSource Guestbook 0.6.9.1 Vendor URL: http://www.m-gb.org Vendor Status: fixed ========================== Vulnerability.....

Hair red highlight personal website management system v1. 0. 0 to be implanted back door+injection+background holding Station-vulnerability warning-the black bar safety net

Author: invincible gold record administration Affected version: hair is red and bright personal website management system v1. 0. 0 Download: http://down.chinaz.com/soft/30614.htm First talk about this system right, the author seems to be very narcissistic, guestbook and everywhere the left is...

gComm - Simple Guestbook 0.1 <= Database Backup Disclosure Vulnerability

Exploit for php platform in category web...

MGB OpenSource Guestbook 0.6.9.1 Cross Site Scripting / SQL Injection

Exploit for php platform in category web...

MGB OpenSource Guestbook 0.6.9.1 Cross Site Scripting / SQL Injection

...

Funeral Script PHP Cross Site Scripting / SQL Injection

Exploit for php platform in category web...

Funeral Script PHP Cross Site Scripting / SQL Injection

...

GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites

Title: GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilites Date: 2012-06-11 References: http://www.vulnerability-lab.com/get_content.php?id=601 VL-ID: 601 Common Vulnerability Scoring System: 7.5 Introduction: GuestBook Script PHP is a script that is very easy to install, administer and use...

Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks,...

Guestbook Scripts PHP 1.5 - Multiple Vulnerabilities

Guestbook Scripts PHP 1.5 - Multiple...

Guestbook Scripts PHP 1.5 - Multiple Vulnerabilities

...

GuestBook Scripts PHP 1.5 Cross Site Scripting / SQL Injection

...

GuestBook Scripts PHP v1.5 - Multiple Vulnerabilities

Exploit for php platform in category web...

Funeral Script PHP - Multiple Web Vulnerabilities

...

Funeral Script PHP - Multiple Web Vulnerabilities

...

GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities

...

GuestBook Scripts PHP v1.5 - Multiple Web Vulnerabilities

...

Concrete 5.5.21 XSS / CSRF / Path Disclosure

...

seditio-build170.20120302_sql_injection_CSRF_info_disclosure_XSS.txt

============================================================ Vulnerable Software: Seditio 170 (seditio-build170.20120302) Downloaded from:http://www.neocrome.net/files/code/seditio-build170.20120302.rar (MD5 SUM:beb6adc6abb56f947698c1efdbae9430 seditio-build170.20120302.rar)...

Agit-Run20 Guestbook SQL injection Vulnerability

Exploit for asp platform in category web...

Seditio 170 Cross Site Request Forgery / SQL Injection

...

w-CMS 2.0.1 CSRF / XSS / File Disclosure / Shell Upload

...

w-CMS 2.0.1 - Multiple Vulnerabilities

w-CMS 2.0.1 - Multiple...

w-CMS 2.0.1 - Multiple Vulnerabilities

...

Lastguru ASP GuestBook &#39;View.asp&#39; - SQL Injection Vulnerability

Title: Lastguru ASP GuestBook 'View.asp' - SQL Injection Vulnerability Product : Lastguru ASP GuestBook Version : Free Version Vendor: http://www.LastGuru.com Class: Input Validation Error CVE: Remote: Yes Local: No Published: 2012-03-04 Updated: Impact : Medium (CVSSv2 Base : 7.5,...