CVSS: 5.9EPSS: 1%CPEs: 1EXPL: 1CVE-2020-25605
https://notcve.org/view.php?id=CVE-2020-25605
17 Feb 2021 — Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote attacker to obtain access to audio and video of any ongoing Agora video call through observation of cleartext network traffic. La transmisión en texto sin cifrar de información confidencial en Agora Video SDK anterior a versión 3.1, permite a un atacante remoto obtener acceso al audio y video de cualquier videollamada de Agora en curso mediante la observación del tráfico de red en texto sin cifrar • https://docs.agora.io/en/Agora%20Platform/downloads • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6559
https://notcve.org/view.php?id=CVE-2017-6559
09 Mar 2017 — XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. Vulnerabilidad de XSS en Agora-Project 3.2.2 existe con un ataque index.php?disconnect=1&msgNotif[]=[XSS]. • http://www.securityfocus.com/bid/96940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6560
https://notcve.org/view.php?id=CVE-2017-6560
09 Mar 2017 — XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. Vulnerabilidad de XSS en Agora-Project 3.2.2 existe con un ataque index.php?ctrl=misc&action=[XSS]&editObjId=[XSS]. • http://www.securityfocus.com/bid/96940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6561
https://notcve.org/view.php?id=CVE-2017-6561
09 Mar 2017 — XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. Vulnerabilidad de XSS en Agora-Project 3.2.2 existe con un ataque index.php?ctrl=object&action=[XSS]. • http://www.securityfocus.com/bid/96940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-6562
https://notcve.org/view.php?id=CVE-2017-6562
09 Mar 2017 — XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. Vulnerabilidad de XSS en Agora-Project 3.2.2 existe con un ataque index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS]. • http://www.securityfocus.com/bid/96940 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 3%CPEs: 16EXPL: 2CVE-2010-4867 – W-Agora 4.2.1 - 'search.php3?bn' Traversal Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-4867
05 Oct 2011 — Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter. Vulnerabilidad de salto de directorio en search.php3 (search.php) de W-Agora 4.2.1 y versiones anteriores. Permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios a través de .. (punto punto) en el parámetro bn. • https://www.exploit-db.com/exploits/34905 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 6.1EPSS: 2%CPEs: 16EXPL: 3CVE-2010-4868 – W-Agora 4.2.1 - 'search.php?bn' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4868
05 Oct 2011 — Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en search.php3 (search.php) de W-Agora 4.2.1 y versiones anteriores. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro bn. • https://www.exploit-db.com/exploits/34906 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 10CVE-2008-1466 – W-Agora 4.0 - 'add_user.php?bn_dir_default' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2008-1466
24 Mar 2008 — Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inclusi... • https://www.exploit-db.com/exploits/31449 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-6647 – w-Agora 4.2.1 - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6647
04 Jan 2008 — SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en index.php de w-Agora 4.2.1 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cat. • https://www.exploit-db.com/exploits/4817 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 2CVE-2007-1604 – W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1604
22 Mar 2007 — Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg. Múltiples vulnerabilidades de promoción de ficheros no restringida en w-Agora (Web-Agora) permiten a atacantes remotos promocionar y ejecutar código PHP de su elección (1) med... • https://www.exploit-db.com/exploits/29763 •