EUVD-2002-0212

Malware in sbrugna...

Agora.CGI 3.x/4.0 Debug Mode Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not...

Agora.CGI 3/4 Debug Mode Path Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi script is stor...

CVE-2001-1199

Agora CGI Cross Site Scripting (CVE-2001-1199) affects Agora versions 3.0a–4.0g due to improper input validation in the cart_id parameter when debug mode is on, enabling remote attackers to execute JavaScript in other clients. The vulnerability is documented in multiple sources (e.g., OpenVAS des...

CVE-2002-0215

Agora.cgi versions 3.2r through 4.0 in debug mode disclose the full pathname of the agora.cgi file when a non-existent .html file is requested, enabling remote disclosure of server file paths. This is an information disclosure vulnerability in the web application component. The affected component...