NotCVE - vendor:"W-agora"

19 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 2

CVE-2010-4867 – W-Agora 4.2.1 - 'search.php3?bn' Traversal Local File Inclusion

https://notcve.org/view.php?id=CVE-2010-4867

Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter. Vulnerabilidad de salto de directorio en search.php3 (search.php) de W-Agora 4.2.1 y versiones anteriores. Permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios a través de .. (punto punto) en el parámetro bn. • https://www.exploit-db.com/exploits/34905 http://securityreason.com/securityalert/8426 http://www.securityfocus.com/archive/1/514420/100/0/threaded http://www.securityfocus.com/bid/44370 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 3

CVE-2010-4868 – W-Agora 4.2.1 - 'search.php?bn' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2010-4868

Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en search.php3 (search.php) de W-Agora 4.2.1 y versiones anteriores. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro bn. • https://www.exploit-db.com/exploits/34906 http://packetstormsecurity.org/1010-exploits/wagora-lfixss.txt http://securityreason.com/securityalert/8426 http://www.securityfocus.com/archive/1/514420/100/0/threaded http://www.securityfocus.com/bid/44370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 10

CVE-2008-1466 – W-Agora 4.0 - 'add_user.php?bn_dir_default' Remote File Inclusion

https://notcve.org/view.php?id=CVE-2008-1466

Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php, and (9) reorder_forums.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de inclusión de archivos PHP remotos en W-Agora 4.0 permiten a atacantes remotos ejecutar código PHP de su elección a través de un URL en el parámetro bn_dir_default a 1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) edit_forum.php, (7) mail_users.php, (8) moderate_notes.php y (9) reorder_forums.php. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • https://www.exploit-db.com/exploits/31449 https://www.exploit-db.com/exploits/31450 https://www.exploit-db.com/exploits/31452 https://www.exploit-db.com/exploits/31451 https://www.exploit-db.com/exploits/31453 https://www.exploit-db.com/exploits/31454 https://www.exploit-db.com/exploits/31455 https://www.exploit-db.com/exploits/31457 https://www.exploit-db.com/exploits/31456 http://www.securityfocus.com/bid/28366 https://exchange.xforce.ibmcloud.com/vulnerabilities • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2007-6647 – w-Agora 4.2.1 - 'cat' SQL Injection

https://notcve.org/view.php?id=CVE-2007-6647

SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en index.php de w-Agora 4.2.1 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cat. • https://www.exploit-db.com/exploits/4817 http://osvdb.org/39883 http://www.securityfocus.com/bid/27070 https://exchange.xforce.ibmcloud.com/vulnerabilities/39308 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 3

CVE-2007-1606 – W-Agora 4.2.1 - 'change_password.php?userid' Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2007-1606

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en w-Agora (Web-Agora) permiten a atacantes remotos inyectar scripts web o HTML de su elección mediante (1) el parámetro showuser en profile.php (2) el parámetro search_forum ó (3) el parámetro search_user en search.php, ó (4) el parámetro userid en change_password.php. • https://www.exploit-db.com/exploits/29766 https://www.exploit-db.com/exploits/29764 https://www.exploit-db.com/exploits/29765 http://osvdb.org/34377 http://osvdb.org/34378 http://osvdb.org/34379 http://secunia.com/advisories/24605 http://securityreason.com/securityalert/2462 http://www.securityfocus.com/archive/1/463286/100/0/threaded http://www.securityfocus.com/bid/23057 https://exchange.xforce.ibmcloud.com/vulnerabilities/33175 •

1 2 3 4