CVE-2006-7186

cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the administration of 1 polls, 2 profiles, 3 IP bans, and 4 forums in a web-app.org WebAPP 0.8 through 0.9.9.6; and b web-app.net WebAPP 0.9.9.3.3, 0.9.9.3.4, and 2007; allow remote attackers to perform deletions as administrators...

CVE-2007-3242

The CVE-2007-3242 entry concerns the Menu Manager Mod for WebAPP WebAPP NE (versions 0.9.9.3.3–0.9.9.8) and WebAPP.org WebAPP before 0.9.9.6. The vulnerability allows remote authenticated users to execute arbitrary commands by injecting shell metacharacters into the titles of items in a personal ...

Menu Manager Mod for WebAPP - No Input Filtering

There is a system access vulnerability in the Menu Manager Mod for WebAPP. This mod is available at http://www.2xlnt.com/webapp/development/app.cgi?action=downloadinfo&cat=webappmods&id=3 . System commands can be entered in user's personal menus. Any system command works there and allows reading ...

CVE-2006-7190

Cross-site scripting XSS vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc...

Code injection

Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "having other security issues too, not as bad as letting users take over your admin account, but bad too."...

CVE-2007-1829

Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "having other security issues too, not as bad as letting users take over your admin account, but bad too."...

CVE-2006-7189

Cross-site scripting XSS vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer...

CVE-2006-7186

cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927...

CVE-2006-7186

cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows attackers to open list files in "profile and other functions," a different vulnerability than CVE-2005-0927...

CVE-2006-7190

Cross-site scripting XSS vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the viewnews function, related to use of doubbctopic instead of doubbc...

CVE-2006-7190

CVE-2006-7190 describes a Cross-site Scripting (XSS) vulnerability in the cgi-bin/user-lib/topics.pl component of WebAPP (web-app.net) prior to 20060515. The issue allows remote attackers to inject arbitrary web scripts or HTML through unknown vectors in the viewnews function, with the root cause...

CVE-2007-1829

Technical details for CVE-2007-1829 are not publicly available in the provided documents. Monitor for updates from official advisories; the materials here do not specify affected products, impact, vectors, or mitigations.

CVE-2006-7187

The CVE-2006-7187 entry documents a Cross-site scripting (XSS) vulnerability in the WebAPP product where the show_recent_searches function (cgi-lib/user-lib/search.pl) accepts user-controlled input via the srch parameter. Affects WebAPP prior to 2006-09-09; exploitable by remote attackers to inje...

CVE-2007-1829

Multiple unspecified vulnerabilities in web-app.net WebAPP have unknown impact and attack vectors, described as "having other security issues too, not as bad as letting users take over your admin account, but bad too."...

CVE-2006-7186

The CVE-2006-7186 entry concerns WebAPP (WebAPP) CGI component cgi-lib/subs.pl, affected in versions before 0.9.9.3.5. The vulnerability enables attackers to open list files in the profile and other functions, per the description, and is noted as distinct from CVE-2005-0927. No remediation steps ...

CVE-2006-7187

Cross-site scripting XSS vulnerability in the showrecentsearches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable...

CVE-2006-7189

Cross-site scripting XSS vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer...

CVE-2006-7188

The CVE-2006-7188 entry concerns WebAPP by web-app.net. Affected component: the search.pl in cgi-lib/user-lib. Before 20060909, remote attackers could read internal forum posts by crafting certain requests, with the issue possibly tied to the $info{'forum'} variable. The provided sources confirm ...

CVE-2006-7189

CVE-2006-7189 describes a cross-site scripting (XSS) vulnerability in the web-app.net WebAPP product, specifically in the shell path CGI-bin/admin/logs.cgi, prior to version 20060403. The flaw allows remote attackers to inject arbitrary web script or HTML through unspecified vectors related to th...