
4 matches found

Prion, added 2007/06/26 11:30 p.m., 11 views

Design/Logic Flaw

cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal IM, or a message from a (b) guest or (c) removed member, which has unknown impact and...

CVSS 7.5 | AI score 7.3 | EPSS 0.00445
Exploits: 0 | References: 3 | Affected Software: 1

CVE, added 2007/06/26 11:0 p.m., 47 views

CVE-2007-3419

The CVE-2007-3419 entry concerns the editprofile3 function in cgi-bin/cgi-lib/user.pl of WebAPP (web-app.org) prior to version 0.9.9.7. The issue involves improper validation of seven data files (themes.dat, languages.dat, profession.dat, gen.dat, marstat.dat, states.dat, ages.dat) when saving me...

CVSS 7.5 | AI score 6.7 | EPSS 0.00445
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist, added 2007/04/03 12:0 a.m., 17 views

CVE-2006-7188

The search function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to read internal forum posts via certain requests, possibly related to the $info{'forum'} variable...

AI score 6.7 | EPSS 0.00306
Exploits: 0 | References: 2

CVE, added 2007/04/03 12:0 a.m., 46 views

CVE-2006-7188

The CVE-2006-7188 entry concerns WebAPP by web-app.net. The affected component is search.pl in cgi-lib/user-lib. Before 20060909, remote attackers could read internal forum posts by crafting certain requests, with the issue possibly tied to the $info{'forum'} variable. The provided sources confirm ...

CVSS 5 | AI score 6.7 | EPSS 0.00306
Exploits: 0 | References: 2 | Affected Software: 1