w-agora.txt

http://www.maxpatrol.com/mpadvisory.asp Title: Multiple vulnerabilities in w-agora forum Date: 28.09.04 Severity: Medium Application: w-agora 4.1.6a, http://www.w-agora/en/download.php Platform: PHP I. DESCRIPTION Multiple vulnerabilities were found in w-agora forum. A remote user can conduct SQL...

WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting

source: https://www.securityfocus.com/bid/11348/info Wordpress is reported prone to a HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. A remote attacker may exploit this...

DCP-Portal 3.74.x5.x - calendar.php HTTP Response Splitting

DCP-Portal 3.74.x5.x - calendar.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11340/info DCP-Portal is reported prone to a HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET...

DCP-Portal 3.7/4.x/5.x - 'calendar.php' HTTP Response Splitting

source: https://www.securityfocus.com/bid/11340/info DCP-Portal is reported prone to a HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. A remote attacker may exploit this...

W-Agora Multiple Input Validation Vulnerabilities

Binary data 2339.prm...

w-Agora 4.1.6a Multiple Input Validation Vulnerabilities

The remote host is running w-agora, a web-based forum management software written in PHP. There are multiple input validation flaws in the remote version of this software : - There is a SQL injection vulnerability in the file 'redirurl.php' that could allow an attacker to execute arbitrary SQL...

W-Agora 4.1.6 - a download_thread.php?thread Cross-Site Scripting

W-Agora 4.1.6 - a downloadthread.php?thread Cross-Site Scripting source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these...

W-Agora 4.1.6 - a forgot_password.php?userid Cross-Site Scripting

W-Agora 4.1.6 - a forgotpassword.php?userid Cross-Site Scripting source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these...

W-Agora 4.1.6a - login.php?loginuser Cross-Site Scripting

W-Agora 4.1.6a - login.php?loginuser Cross-Site Scripting source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these...

W-Agora 4.1.6 - a redir_url.php?key SQL Injection

W-Agora 4.1.6 - a redirurl.php?key SQL Injection source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to...

W-Agora 4.1.6a - subscribe_thread.php HTTP Response Splitting

W-Agora 4.1.6a - subscribethread.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these...

[Full-Disclosure] Multiple vulnerabilities in w-agora forum

http://www.maxpatrol.com/mpadvisory.asp Title: Multiple vulnerabilities in w-agora forum Date: 28.09.04 Severity: Medium Application: w-agora 4.1.6a, http://www.w-agora/en/download.php Platform: PHP I. DESCRIPTION Multiple vulnerabilities were found in w-agora forum. A remote user can conduct SQL...

W-Agora 4.1.6 - 'a redir_url.php?key' SQL Injection

source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, a...

W-Agora 4.1.6 - 'a forgot_password.php?userid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, a...

W-Agora 4.1.6a - 'subscribe_thread.php' HTTP Response Splitting

source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, a...

W-Agora 4.1.6a - 'login.php?loginuser' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, a...

PD9 Software MegaBBS 2.02.1 - view-profile.asp Multiple SQL Injections

PD9 Software MegaBBS 2.02.1 - view-profile.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/11253/info MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out HTTP...

PD9 Software MegaBBS 2.02.1 - ladder-log.asp Multiple SQL Injections

PD9 Software MegaBBS 2.02.1 - ladder-log.asp Multiple SQL Injections source: https://www.securityfocus.com/bid/11253/info MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry out HTTP...

PD9 Software MegaBBS 2.02.1 - thread-post.asp Multiple Header CRLF Injections

PD9 Software MegaBBS 2.02.1 - thread-post.asp Multiple Header CRLF Injections source: https://www.securityfocus.com/bid/11253/info MegaBBS is reported prone to multiple vulnerabilities. These issues exist due to insufficient sanitization of user-supplied data and may allow an attacker to carry ou...

[Full-Disclosure] HTTP Response Splitting and SQL injection in megabbs forum

URL: http://www.pd9soft.com Tested megabbs 2.1 1. HTTP Response Splitting http://www.pd9soft.com/megabbs/forums/thread-post.asp?action=writenew&fid=0 d0aContent-Length:2000d0a0d0aHTTP/1.02020020OK0d0aContent-Type:20 text/html0d0aContent-Length:20330d0a0d0a3chtml3eScanned20by20Maxp...