CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Mar 2007 — w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] o... • http://osvdb.org/34380 •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

22 Mar 2007 — Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php. • https://www.exploit-db.com/exploits/29766 •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

22 Mar 2007 — search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. • http://osvdb.org/34376 •

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

21 Mar 2007 — w-agora 4.2.1 allows remote attackers to obtain sensitive information via (1) the bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. • http://securityreason.com/securityalert/2461 •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 Mar 2007 — W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053054.html •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 2

05 May 2006 — Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events. • https://www.exploit-db.com/exploits/27783 •

CVSS: 7.5 • EPSS: 9% • CPEs: 1 • EXPL: 5

21 Aug 2005 — Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. • https://www.exploit-db.com/exploits/26169 •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 3

31 Dec 2004 — SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. • https://www.exploit-db.com/exploits/24648 •

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 5

31 Dec 2004 — Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php. • https://www.exploit-db.com/exploits/24650 •

CVSS: 7.5 • EPSS: 5% • CPEs: 1 • EXPL: 3

31 Dec 2004 — CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. • https://www.exploit-db.com/exploits/24651 •