Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
guestbook vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2012-5296
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote malicious users to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp.
Mavili Guestbook Project Mavili Guestbook -
7.5
CVSSv2
CVE-2012-5297
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Mavili Guestbook Project Mavili Guestbook -
5
CVSSv2
CVE-2012-5298
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote malicious users to read the database via a direct request.
Mavili Guestbook Project Mavili Guestbook -
7.5
CVSSv2
CVE-2012-5299
Mavili Guestbook, as released in November 2007, allows remote malicious users to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.
Mavili Guestbook Project Mavili Guestbook -
5.1
CVSSv2
CVE-2007-0609
Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote malicious users to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. (dot dot) in a lang cookie, followed by a filename without its .php extensio...
Advanced Guestbook Advanced Guestbook 2.4.2
1 EDB exploit
7.5
CVSSv2
CVE-2007-0530
Multiple PHP remote file inclusion vulnerabilities in Advanced Guestbook 2.4.2 allow remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter to (1) index.php, (2) addentry.php, or (3) picture.php, a different set of vectors than CVE-2006-5804....
Advanced Guestbook Advanced Guestbook 2.4.2
7.5
CVSSv2
CVE-2005-3588
SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote malicious users to execute arbitrary SQL commands and gain privileges via the username field.
Advanced Guestbook Advanced Guestbook 2.2
5.1
CVSSv2
CVE-2006-6487
Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook (dt_guestbook) 1.0f, when register_globals is enabled, allows remote malicious users to inject arbitrary web script or HTML via the error[] parameter.
Dt Guestbook Dt Guestbook 1.0f
1 EDB exploit
4.3
CVSSv2
CVE-2006-3568
Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php in Fantastic Guestbook 2.0.1, and possibly earlier versions, allow remote malicious users to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) nickname parameters.
Fantastic Guestbook Project Fantastic Guestbook 2.0.1
1 EDB exploit
4.3
CVSSv2
CVE-2017-20089
A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.
Gwolle Guestbook Project Gwolle Guestbook 1.7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »