VYPR

Guestbook

by Ftls

CVEs (8)

  • CVE-2007-2093Apr 18, 2007
    risk 0.07cvss epss 0.46

    Direct static code injection vulnerability in index.php in Limesoft Guestbook (LS Simple Guestbook) 1.0 allows remote attackers to inject arbitrary PHP code into posts.txt via the message parameter.

  • CVE-2002-0730Aug 12, 2002
    risk 0.04cvss epss 0.07

    Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.

  • CVE-2003-1348Dec 31, 2003
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.

  • CVE-2003-1136Oct 23, 2003
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute in an e-mail address or URL.

  • CVE-2007-2101Apr 18, 2007
    risk 0.00cvss epss 0.02

    FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely…

  • CVE-2006-6279Dec 4, 2006
    risk 0.00cvss epss 0.01

    index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message.

  • CVE-2005-3517Nov 6, 2005
    risk 0.00cvss epss 0.01

    Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php.

  • CVE-2005-1685May 20, 2005
    risk 0.00cvss epss 0.02

    episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.