CVE-2007-1178
https://notcve.org/view.php?id=CVE-2007-1178
WebAPP before 0.9.9.5 does not check access in certain contexts related to (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader, which has unknown impact and attack vectors. WebAPP anterior a 0.9.9.5 no valida el acceso en ciertos contextos relacionado con (1) Calendar Administration, (2) Instant Messages Administration, y (3) Image Uploader, lo cual tiene un impacto desconocido y vectores de ataque, • http://osvdb.org/33279 http://osvdb.org/33282 http://secunia.com/advisories/24080 http://www.securityfocus.com/bid/22563 http://www.vupen.com/english/advisories/2007/0604 http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 •
CVE-2007-1184
https://notcve.org/view.php?id=CVE-2007-1184
The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA setting of "no," which makes it easier for automated programs to submit false data. La configuración por defecto de WebAPP anterio a 0.9.9.5 tiene una configuración CAPTCHA de "no," lo cual face facil para programas automáticos enviar datos falsos. • http://osvdb.org/33294 http://secunia.com/advisories/24080 http://www.securityfocus.com/bid/22563 http://www.vupen.com/english/advisories/2007/0604 http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=250 • CWE-16: Configuration •
CVE-2006-1427 – Web-APP.net WebAPP 0.9.x - '/mods/calendar/index.cgi?vsSD' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2006-1427
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi. • https://www.exploit-db.com/exploits/27562 https://www.exploit-db.com/exploits/27561 http://pridels0.blogspot.com/2006/03/webapp-multiple-xss-vuln.html http://secunia.com/advisories/19506 http://www.osvdb.org/24278 http://www.osvdb.org/24279 http://www.securityfocus.com/bid/17359 http://www.vupen.com/english/advisories/2006/1102 http://www.web-app.net/cgi-bin/index.cgi?action=downloadinfo&cat=pastversions&id=1 http://www.web-app.net/cgi-bin/index.cgi?action=re •
CVE-2005-1628 – WebAPP 0.9.9.2.1 - Remote Command Execution
https://notcve.org/view.php?id=CVE-2005-1628
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. • https://www.exploit-db.com/exploits/1005 https://www.exploit-db.com/exploits/1004 http://www.defacers.com.mx/advisories/3.txt http://www.securityfocus.com/archive/1/449517/100/200/threaded http://www.securityfocus.com/archive/1/449573/100/200/threaded http://www.securityfocus.com/bid/13637 http://www.soulblack.com.ar/repo/tools/sbwebapp.txt http://www.vupen.com/english/advisories/2005/0554 • CWE-20: Improper Input Validation •
CVE-2005-0927
https://notcve.org/view.php?id=CVE-2005-0927
Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences. • http://secunia.com/advisories/14716 http://sourceforge.net/project/shownotes.php?release_id=316038 http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=195 •