Omnipresent

**Name of the Vulnerable Software and Affected Versions** Grayscale Blog versions 0.8.0 and earlier **Description** A SQL injection issue might allow remote attackers to execute arbitrary SQL commands. This is possible via the `id` parameter to "userdetail.php", the `url` parameter to "jump.php", and the `id` variable to "detail.php". **Recommendations** For Grayscale Blog versions 0.8.0 and earlier, avoid using the `id` parameter in "userdetail.php" and the `id` variable in "detail.php", and restrict the `url` parameter in "jump.php" until a fix is available.

**Name of the Vulnerable Software and Affected Versions** Micro GuestBook (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability in the index.php file of Micro GuestBook. This vulnerability allows remote attackers to execute arbitrary SQL commands by injecting malicious input into the `name` or `comment` ("text") fields. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** vlbook version 1.02 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `message` parameter in the "index.php" file. This could potentially lead to unauthorized actions on the affected system. **Recommendations** For vlbook version 1.02, consider restricting access to the `message` parameter in the "index.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ASPScriptz Guest Book versions 2.0 and earlier **Description** The issue allows remote attackers to inject arbitrary web script or HTML via several form fields in the submit.asp file. The vulnerable parameters are `GBOOK UNAME`, `GBOOK EMAIL`, `GBOOK CITY`, `GBOOK COU`, `GBOOK WWW`, and `GBOOK MESS`. **Recommendations** For ASPScriptz Guest Book versions 2.0 and earlier, consider validating and sanitizing user input for the `GBOOK UNAME`, `GBOOK EMAIL`, `GBOOK CITY`, `GBOOK COU`, `GBOOK WWW`, and `GBOOK MESS` form fields to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Dusan Drobac CodeAvalanche FreeForum (aka CAForum) version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `password` parameter in the admin/default.asp file. **Recommendations** For version 1.0, avoid using the `password` parameter in the admin/default.asp file until the issue is resolved. As a temporary workaround, consider restricting access to the admin/default.asp file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Scriptsez Cute Guestbook version 20060211 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `Comments` field when signing the guestbook. This could potentially lead to unauthorized actions on the website. **Recommendations** For Scriptsez Cute Guestbook version 20060211, as a temporary workaround, consider disabling the comments feature until a patch is available. Restrict access to the guestbook signing functionality to minimize the risk of exploitation. Avoid using the `Comments` field in the guestbook until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Bloggage (affected versions not specified) **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the check login.asp file, specifically via the `acc name` and `password` parameters. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.