CVE-2010-4867 – W-Agora 4.2.1 - 'search.php3?bn' Traversal Local File Inclusion
https://notcve.org/view.php?id=CVE-2010-4867
Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter. Vulnerabilidad de salto de directorio en search.php3 (search.php) de W-Agora 4.2.1 y versiones anteriores. Permite a atacantes remotos incluir y ejecutar archivos locales arbitrarios a través de .. (punto punto) en el parámetro bn. • https://www.exploit-db.com/exploits/34905 http://securityreason.com/securityalert/8426 http://www.securityfocus.com/archive/1/514420/100/0/threaded http://www.securityfocus.com/bid/44370 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2010-4868 – W-Agora 4.2.1 - 'search.php?bn' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2010-4868
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en search.php3 (search.php) de W-Agora 4.2.1 y versiones anteriores. Permite a usuarios remotos inyectar codigo de script web o código HTML de su elección a través del parámetro bn. • https://www.exploit-db.com/exploits/34906 http://packetstormsecurity.org/1010-exploits/wagora-lfixss.txt http://securityreason.com/securityalert/8426 http://www.securityfocus.com/archive/1/514420/100/0/threaded http://www.securityfocus.com/bid/44370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2007-6647 – w-Agora 4.2.1 - 'cat' SQL Injection
https://notcve.org/view.php?id=CVE-2007-6647
SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. Vulnerabilidad de inyección SQL en index.php de w-Agora 4.2.1 y anteriores permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro cat. • https://www.exploit-db.com/exploits/4817 http://osvdb.org/39883 http://www.securityfocus.com/bid/27070 https://exchange.xforce.ibmcloud.com/vulnerabilities/39308 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2002-2128
https://notcve.org/view.php?id=CVE-2002-2128
editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. • http://archives.neohapsis.com/archives/bugtraq/2002-12/0222.html http://archives.neohapsis.com/archives/bugtraq/2002-12/0225.html http://www.iss.net/security_center/static/10919.php http://www.securityfocus.com/bid/6463 •
CVE-2002-2129 – W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-2129
Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form. • https://www.exploit-db.com/exploits/22109 http://archives.neohapsis.com/archives/bugtraq/2002-12/0222.html http://archives.neohapsis.com/archives/bugtraq/2002-12/0225.html http://www.securityfocus.com/bid/6464 https://exchange.xforce.ibmcloud.com/vulnerabilities/10920 •