CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2CVE-2007-1604 – W-Agora 4.2.1 - Multiple Arbitrary File Upload Vulnerabilities
https://notcve.org/view.php?id=CVE-2007-1604
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg. Múltiples vulnerabilidades de promoción de ficheros no restringida en w-Agora (Web-Agora) permiten a atacantes remotos promocionar y ejecutar código PHP de su elección (1) mediante un mensaje de foro con un fichero adjunto, que se almacena bajo forums/hello/hello/notes/ ó (2) usando browse_avatar.php para promocionar un fichero con doble extensión, como se demuestra con .php.jpg. • https://www.exploit-db.com/exploits/29763 http://osvdb.org/34383 http://osvdb.org/34384 http://secunia.com/advisories/24605 http://securityreason.com/securityalert/2462 http://www.securityfocus.com/archive/1/463286/100/0/threaded http://www.securityfocus.com/bid/23055 https://exchange.xforce.ibmcloud.com/vulnerabilities/33173 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2007-1607
https://notcve.org/view.php?id=CVE-2007-1607
search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error. search.php in w-Agora (Web-Agora) permite a atacantes remotos obtener información confidencial potencial mediante un valor ' (comilla) seguido de sentencias SQL concretas en el parámetro (1) search_forum ó (2) search_user, que fuerzan un error SQL. • http://osvdb.org/34376 http://secunia.com/advisories/24605 http://securityreason.com/securityalert/2462 http://www.securityfocus.com/archive/1/463286/100/0/threaded http://www.securityfocus.com/bid/23057 https://exchange.xforce.ibmcloud.com/vulnerabilities/33177 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2007-1605
https://notcve.org/view.php?id=CVE-2007-1605
w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1. w-Agora (Web-Agora) permite a atacantes remotos obtener información confidencial mediante una petición a rss.php con (1) parámetro inválido site ó (2) parámetro inválido bn, (3) valor concreto de parámetro site[], ó (4) valor vacío de parámetro bn[]; una petición a index.php con valor concreto de (5) parámetro site[] ó (6) parámetro sort[]; (7) una petición a profile.php with von valor vacío de parámetro site[] ; ó una petición a search.php con (8) valor vacío de parámetro bn[] ó valor concreto de (9) parámetro pattern[] ó (10) parámetro search_date[], que revela la ruta en varios mensajes de error, probablemente relacionados con inconsistencias de tipo de variable NOTE: el parámetro bn[] en index.php está cubierto por CVE-2007-0606.1. • http://osvdb.org/34380 http://osvdb.org/34381 http://osvdb.org/34382 http://secunia.com/advisories/24605 http://securityreason.com/securityalert/2462 http://www.securityfocus.com/archive/1/463286/100/0/threaded http://www.securityfocus.com/bid/23057 https://exchange.xforce.ibmcloud.com/vulnerabilities/33174 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0606
https://notcve.org/view.php?id=CVE-2007-0606
w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message. w-agora 4.2.1 permite a atacantes remotos obtener información sensible mediante (1)el parámetro matriz bn[] en el index.php,que espera una cadena y (2) ciertos parámetros del delete_forum.php que muestran el nombre de la ruta en el resultado de un mensaje de error. • http://securityreason.com/securityalert/2461 http://www.netvigilance.com/advisory0014 http://www.osvdb.org/31668 http://www.osvdb.org/31669 http://www.securityfocus.com/archive/1/463213/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33076 •
CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2007-0607
https://notcve.org/view.php?id=CVE-2007-0607
W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request. W-Agora (Web-Agora) 4.2.1, cuando register_globals está activado, almacena globals.inc bajo la raíz de documentos web con control de acceso insuficiente, lo cual permite a atacantes remotos obtener información sobre la ruta de la aplicación mediante una petición directa. w-agora version 4.2.1 suffers from an information disclosure vulnerability. • http://lists.grok.org.uk/pipermail/full-disclosure/2007-March/053054.html http://securityreason.com/securityalert/2465 http://www.netvigilance.com/advisory0015 http://www.osvdb.org/31670 http://www.securityfocus.com/archive/1/463215/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/33073 •