Lucene search
K

1225 matches found

Prion
Prion
added 2007/06/26 11:30 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the 1 processsearch or 2...

4.3CVSS6AI score0.01022EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2007/06/26 11:30 p.m.17 views

Design/Logic Flaw

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors...

7.5CVSS7.3AI score0.01126EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/06/26 11:30 p.m.13 views

CVE-2007-3424

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors...

7.5CVSS6.6AI score0.01126EPSS
Exploits0References3
NVD
NVD
added 2007/06/26 11:30 p.m.25 views

CVE-2007-3421

The 1 login, 2 admin profile edit, 3 reminder, 4 edit profile, 5 profile view, 6 gallery view, 7 gallery comment, and 8 gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors...

7.5CVSS6.7AI score0.01126EPSS
Exploits0References3
Prion
Prion
added 2007/06/26 11:30 p.m.18 views

Design/Logic Flaw

The displaypost function in cgi-bin/cgi-lib/forumdisplay.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users...

6.5CVSS6.8AI score0.01096EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2007/06/26 11:30 p.m.16 views

CVE-2007-3423

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the 1 imview2 or 2 imview3 function reads a an internal IM, or a message from a b guest or c removed member, which has unknown impact and...

7.5CVSS6.7AI score0.01126EPSS
Exploits0References3
Prion
Prion
added 2007/06/26 11:30 p.m.18 views

Design/Logic Flaw

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the 1 imview2 or 2 imview3 function reads a an internal IM, or a message from a b guest or c removed member, which has unknown impact and...

7.5CVSS7.3AI score0.01126EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/06/26 11:0 p.m.44 views

CVE-2007-3417

CVE-2007-3417 covers multiple XSS vulnerabilities in the WebAPP web-app.org CGI module: cgi-bin/cgi-lib/search.pl, where a non-sanitized search string is echoed into an HREF attribute by process_search or show_recent_searches. The issue affects WebAPP prior to version 0.9.9.7 and allows remote at...

4.3CVSS5.7AI score0.01022EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/06/26 11:0 p.m.20 views

CVE-2007-3418

The displaypost function in cgi-bin/cgi-lib/forumdisplay.pl in web-app.org WebAPP before 0.9.9.7 does not display usernames in conjunction with real names, which makes it easier for remote authenticated users to impersonate other users...

6.3AI score0.01096EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/06/26 11:0 p.m.21 views

CVE-2007-3419

The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org WebAPP before 0.9.9.7 does not properly check the 1 themes.dat, 2 languages.dat, 3 profession.dat, 4 gen.dat, 5 marstat.dat, 6 states.dat, and 7 ages.dat files before saving profile settings of members, which has unknown impact a...

6.7AI score0.01126EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/06/26 11:0 p.m.24 views

CVE-2007-3420

The Random Cookie Password functionality in the loaduser function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 does not clear the 1 username, 2 password, 3 usertheme, and 4 userlang cookies for unauthorized users, which has unknown impact and remote attack vectors...

6.7AI score0.01126EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/06/26 11:0 p.m.23 views

CVE-2007-3423

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the 1 imview2 or 2 imview3 function reads a an internal IM, or a message from a b guest or c removed member, which has unknown impact and...

6.7AI score0.01126EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/06/26 11:0 p.m.24 views

CVE-2007-3422

The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain 1 non-printing characters, 2 certain printing characters that do not commonly occur in URLs, or 3 invalid URL encoding sequences, which has unknown impact and remote...

6.6AI score0.01126EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/06/26 11:0 p.m.24 views

CVE-2007-3424

The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors...

6.6AI score0.01126EPSS
Exploits0References3
CVE
CVE
added 2007/06/26 11:0 p.m.52 views

CVE-2007-3422

WebAPP (web-app.org) before 0.9.9.7 is affected by CVE-2007-3422. The getcgi function in cgi-bin/cgi-lib/subs.pl parses query strings containing (1) non‑printing characters, (2) certain printing characters not common in URLs, or (3) invalid URL encoding sequences. Impact is stated as unknown with...

7.5CVSS6.7AI score0.01126EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/06/26 11:0 p.m.50 views

CVE-2007-3423

CVE-2007-3423 affects WebAPP (web-app.org) WebAPP versions before 0.9.9.7. The vulnerable component is cgi-bin/cgi-lib/instantmessage.pl, where the From field of an instant message is used as the beginning of the .dat filename when the imview2 or imview3 function reads messages from an internal I...

7.5CVSS6.7AI score0.01126EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/06/26 11:0 p.m.51 views

CVE-2007-3420

The CVE concerns WebAPP (web-app.org) prior to version 0.9.9.7, where the Random Cookie Password feature in the loaduser function (cgi-bin/cgi-lib/subs.pl) fails to clear four cookies (username, password, usertheme, userlang) for unauthorized users. This creates a potential, described as having u...

7.5CVSS6.7AI score0.01126EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2007/06/26 11:0 p.m.45 views

CVE-2007-3416

CVE-2007-3416 describes CSRF vulnerabilities in the administration interfaces (polls, profiles, IP bans, and forums) of WebAPP 0.8–0.9.9.6 (web-app.org) and WebAPP 0.9.9.3.3–2007 (web-app.net). The underlying issue is cross-site request forgery that lets remote attackers perform deletions with ad...

5CVSS7AI score0.00581EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2007/06/26 11:0 p.m.45 views

CVE-2007-3421

CVE-2007-3421 concerns web-app.org WebAPP prior to 0.9.9.7, where multiple features (login, admin profile edit, reminder, edit profile, profile view, gallery view, gallery comment, and gallery feedback) do not verify presence of users in memberlist.dat. The root cause is a missing user verificati...

7.5CVSS6.7AI score0.01126EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2007/06/26 11:0 p.m.26 views

CVE-2007-3421

The 1 login, 2 admin profile edit, 3 reminder, 4 edit profile, 5 profile view, 6 gallery view, 7 gallery comment, and 8 gallery feedback capabilities in web-app.org WebAPP before 0.9.9.7 do not verify presence of users in memberlist.dat, which has unknown impact and remote attack vectors...

6.7AI score0.01126EPSS
Exploits0References3
Rows per page
Query Builder