lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 1 Oct 2007 13:12:40 -0000
Subject: New Advisory:  X-script GuestBook

New Advisory:
X-script GuestBook

Software: x-script GuestBook
Sowtware's Web Site:
Versions: 1.3a
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by:

1. SQL Injection.

Vulnerable script: mes_add.php

Parameters 'name', 'email', 'icq', 'website' is not
properly sanitized before being used in SQL query. This can be used to
make SQL queries by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

Waiting for developer(s) reply.

No Patch available.

Discovered by:

Powered by blists - more mailing lists