CVSS: 5.0EPSS: 3%CPEs: 1EXPL: 3CVE-2004-1564 – W-Agora 4.1.6a - 'subscribe_thread.php' HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2004-1564
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. • https://www.exploit-db.com/exploits/24651 http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/027040.html http://marc.info/?l=bugtraq&m=109655691512298&w=2 http://secunia.com/advisories/12695 http://securitytracker.com/id?1011463 http://www.securityfocus.com/bid/11283 https://exchange.xforce.ibmcloud.com/vulnerabilities/17558 •
CVSS: 5.0EPSS: 5%CPEs: 3EXPL: 4CVE-2002-1878 – W-Agora 4.1.x - Remote File Inclusion
https://notcve.org/view.php?id=CVE-2002-1878
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. • https://www.exploit-db.com/exploits/21529 http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html http://www.ifrance.com/kitetoua/tuto/W-Agora.txt http://www.iss.net/security_center/static/9317.php http://www.securityfocus.com/bid/4977 http://www.w-agora.net/current/view.php?site=support&bn=support_dl&key=1023878911&first=1023878911&last=957369563 •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2002-2128
https://notcve.org/view.php?id=CVE-2002-2128
editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0222.html http://archives.neohapsis.com/archives/bugtraq/2002-12/0225.html http://www.iss.net/security_center/static/10919.php http://www.securityfocus.com/bid/6463 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2002-2129 – W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2129
Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form. • https://www.exploit-db.com/exploits/22109 http://archives.neohapsis.com/archives/bugtraq/2002-12/0222.html http://archives.neohapsis.com/archives/bugtraq/2002-12/0225.html http://www.securityfocus.com/bid/6464 https://exchange.xforce.ibmcloud.com/vulnerabilities/10920 •