CVE-2010-0665
published 2010-02-19CVE-2010-0665: JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain…
PriorityP428medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.20%
80.3th percentile
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xs4all | jag | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Xs4all JAG 1.14 jag/database.sql access control (EDB-11406 / XFDB-56228)
vuldb·2026-05-01·CVSS 5.0
CVE-2010-0665 [MEDIUM] Xs4all JAG 1.14 jag/database.sql access control (EDB-11406 / XFDB-56228)
A vulnerability labeled as problematic has been found in Xs4all JAG 1.14. Affected is an unknown function of the file jag/database.sql. Such manipulation leads to improper access controls.
This vulnerability is listed as CVE-2010-0665. The attack may be performed from remote. In addition, an exploit is available.
GHSA
GHSA-42c3-r2c7-ghj3: JAG (Just Another Guestbook) 1
ghsa_unreviewed·2022-05-02
CVE-2010-0665 [MEDIUM] GHSA-42c3-r2c7-ghj3: JAG (Just Another Guestbook) 1
JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql.
No detection rules found.
Exploit-DB
GAMSoft TelSrv 1.5 - 'Username' Remote Buffer Overflow (Metasploit)
exploitdb·2010-06-22
CVE-2000-0665 GAMSoft TelSrv 1.5 - 'Username' Remote Buffer Overflow (Metasploit)
GAMSoft TelSrv 1.5 - 'Username' Remote Buffer Overflow (Metasploit)
---
##
# $Id: gamsoft_telsrv_username.rb 9583 2010-06-22 19:11:05Z todb $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'GAMSoft TelSrv 1.5 Username Buffer Overflow',
'Description' => %q{
This module exploits a username sprintf stack buffer overflow in GAMSoft TelSrv 1.5.
Other versions may also be affected. The service terminates after exploitation,
so you only get one chance!
},
'Author' => [ 'Patrick Webster ' ],
'Arch' => [ ARCH_X86 ],
'License' => MSF_LICENSE,
'Versio
Exploit-DB
J.A.G (Just Another Guestbook) 1.14 - Database Disclosure
exploitdb·2010-02-11
CVE-2010-0665 J.A.G (Just Another Guestbook) 1.14 - Database Disclosure
J.A.G (Just Another Guestbook) 1.14 - Database Disclosure
---
# Software Link: http://www.xs4all.nl/~crisp/jag/jag.zip
# Version: v1.14
# Tested on: Windows xp sp3
_____ _
| __ \| |
| |__) | |__ ___ _ __ ___ _ __ ___
| ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \
| | | | | | __/ | | | (_) | | | | | |
|_| |_| |_|\___|_| |_|\/__/|_| |_| |_|
####### J.A.G (Just Another Guestbook) Database Disclosure Vulnerability #######
#
# Author : Phenom
#
# app version : 1.14
#
#################################################################################
####### Exploit #################################################################
#
# http://site.com/path/jag/database.sql
#
#################################################################################
No writeups or analysis indexed.
2010-02-19
Published