12 matches found
EUVD-2007-1600
Malware in sbrugna...
CVE-2007-1604
Multiple unrestricted file upload vulnerabilities in w-Agora Web-Agora allow remote attackers to upload and execute arbitrary PHP code 1 via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or 2 by using browseavatar.php to upload a file with a double...
CVE-2004-1563
Multiple cross-site scripting XSS vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the 1 thread parameter to downloadthread.php, 2 loginuser parameter to login.php, or 3 userid parameter to forgotpassword.php...
w-Agora 4.1.6a Multiple Input Validation Vulnerabilities
The remote host is running w-agora, a web-based forum management software written in PHP. There are multiple input validation flaws in the remote version of this software : - There is a SQL injection vulnerability in the file 'redirurl.php' that could allow an attacker to execute arbitrary SQL...
W-Agora Multiple Input Validation Vulnerabilities
Binary data 2339.prm...
W-Agora 4.1.6 - a redir_url.php?key SQL Injection
W-Agora 4.1.6 - a redirurl.php?key SQL Injection source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to...
W-Agora 4.1.6a - subscribe_thread.php HTTP Response Splitting
W-Agora 4.1.6a - subscribethread.php HTTP Response Splitting source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these...
W-Agora 4.1.6 - a forgot_password.php?userid Cross-Site Scripting
W-Agora 4.1.6 - a forgotpassword.php?userid Cross-Site Scripting source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these...
W-Agora 4.1.6 - a download_thread.php?thread Cross-Site Scripting
W-Agora 4.1.6 - a downloadthread.php?thread Cross-Site Scripting source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these...
W-Agora 4.1.6 - 'a download_thread.php?thread' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, a...
W-Agora 4.1.6a - 'subscribe_thread.php' HTTP Response Splitting
source: https://www.securityfocus.com/bid/11283/info Multiple vulnerabilities are reported to affect the application. These issues arise due to insufficient sanitization of user-supplied data. A remote attacker may leverage these vulnerabilities to carry out SQL injection, cross-site scripting, a...
Security holes in LokwaBB and W-Agora
Somebody advised me to post also on bugtraq not only on vuln-dev, I thus do it : I just hope that doesn't give more work to the webmasters. Product 1 : W-Agora 4.1.3 http://www.w-agora.net Problem : - Including file Exploits : - With a file http://www.attacker.com/dbaccess.txt :...