36 matches found
CVE-2007-1827
Affected software: web-app.org WebAPP before 0.9.9.6. Issue: multiple unspecified flaws in form input validation allow remote authenticated users to corrupt data files, access private files, and execute arbitrary code via certain characters. Root cause is tied to input validation weaknesses; expl...
CVE-2007-1184
CVE-2007-1184 affects WebAPP prior to version 0.9.9.5, where the default CAPTCHA configuration is set to “no.” This weakness makes it easier for automated programs to submit false data. The description explicitly states the default CAPTCHA exposure as the root cause and the resulting impact is au...
CVE-2007-1176
WebAPP is affected by multiple XSS vulnerabilities in versions before 0.9.9.5, allowing remote attackers to inject arbitrary script/HTML via vectors including Gallery Comments pages, Feedback pages, Search Results pages, and the Statistics Log viewer. The impact is the ability to execute script i...
CVE-2007-1174
CVE-2007-1174 describes multiple XSS vulnerabilities in WebAPP prior to 20070214, allowing remote attackers to inject arbitrary script/HTML via unspecified vectors related to user Profiles. The NVD entry lists a base CVSS v2 score of 4.3 (Medium) with impact: integrity partially affected, confide...
CVE-2007-3242
The CVE-2007-3242 entry concerns the Menu Manager Mod for WebAPP WebAPP NE (versions 0.9.9.3.3–0.9.9.8) and WebAPP.org WebAPP before 0.9.9.6. The vulnerability allows remote authenticated users to execute arbitrary commands by injecting shell metacharacters into the titles of items in a personal ...
CVE-2007-1259
Technical details about CVE-2007-1259 are not publicly provided in the supplied documents. WebAPP
CVE-2007-1828
CVE-2007-1828 affects WebAPP by web-app.org prior to version 0.9.9.6. The vulnerability is a cross-site scripting (XSS) flaw that allows remote authenticated users to inject arbitrary script or HTML via the QUERY_STRING (e.g., drop-down related) or through various forms. This indicates an input h...
CVE-2007-1830
Technical details for CVE-2007-1830 are not publicly available in the provided documents. Monitor for updates; no explicit affected product/version, root cause, or remediation details are present in the connected sources.
CVE-2007-3418
The CVE-2007-3418 issue affects WebAPP (web-app.org) prior to version 0.9.9.7. The displaypost function in cgi-bin/cgi-lib/forum_display.pl does not display usernames with real names, which enables remote authenticated users to impersonate other users. Affected component: forum_display.pl. Root c...
CVE-2005-1628
WebAPP apage.cgi remote command execution (CVE-2005-1628) affects WebAPP versions 0.9.9.2.1 and earlier. The flaw is due to lack of input validation in the f parameter, allowing an attacker to execute arbitrary shell commands on the remote host with the web server’s privileges. Affected component...
CVE-2007-1175
CVE-2007-1175 is an XSS vulnerability in WebAPP (admin feature) before 20070209. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Impact is described as partial integrity impact with no confidentiality or availability impact, per the NVD metrics (b...
CVE-2007-1489
CVE-2007-1489 affects WebAPP (Web Automated Perl Portal) versions 0.9.9.4–0.9.9.6. The data in connected documents indicates a vulnerability allowing remote attackers to gain admin access by modifying cookies and performing a sequence of actions, with the likely root cause described as a cross-si...
CVE-2007-1831
CVE-2007-1831 affects web-app.org WebAPP prior to 0.9.9.6. The issue allows remote authenticated users to open files and write the string "wrong data" through a crafted QUERY_STRING. Impact and remediation are not elaborated beyond the described behavior in the provided sources; exploitation deta...
CVE-2004-1742
WebAPP 0.9.9 is affected by a directory traversal in the index.cgi viewcat parameter, allowing remote attackers to read arbitrary files on the web server. The issue arises from directory-traversal filtering failures in the CGI, exposing the host file system with web server privileges. Affected ve...
CVE-2007-1187
WebAPP prior to 0.9.9.5 is affected by an information disclosure vulnerability: remote authenticated users without admin privileges can access sensitive information via the Forum Archive feature and Recent Searches. The issue is documented in CVE-2007-1187 with a base impact on confidentiality (P...
CVE-2007-3422
WebAPP (web-app.org) before 0.9.9.7 is affected by CVE-2007-3422. The getcgi function in cgi-bin/cgi-lib/subs.pl parses query strings containing (1) non‑printing characters, (2) certain printing characters not common in URLs, or (3) invalid URL encoding sequences. Impact is stated as unknown with...
CVE-2007-1179
WebAPP before 0.9.9.5 is affected by improper handling of e-mail addresses across multiple features (Recommend, Email Article, sender/recipient handling, New User Approval, Edit Profiles, Newsletter Subscription, and sending of articles). The description indicates an unknown impact and potential ...
CVE-2007-1177
CVE-2007-1177 affects WebAPP versions prior to 0.9.9.5. The issue is described as improper filtering of certain characters in several contexts (query string, Profiles, Forum Post icon field, Edit Profile, Gallery), with the impact labeled unknown and potential for cross-site scripting (XSS). Risk...
CVE-2007-1180
WebAPP is affected by CVE-2007-1180. Vulnerability: WebAPP before 0.9.9.5 does not check referrers in certain forms, potentially enabling remote cross-site request forgery (CSRF) or related effects. Affected software: WebAPP (version
CVE-2007-1181
CVE-2007-1181 affects WebAPP versions before 0.9.9.5. The root cause is that the application passes unused information and the username through Edit Profile forms, with impact and attack vectors described as unknown in the sources. The connected documents do not provide explicit remediation, expl...
CVE-2007-3419
The CVE-2007-3419 entry concerns the editprofile3 function in cgi-bin/cgi-lib/user.pl of WebAPP (web-app.org) prior to version 0.9.9.7. The issue involves improper validation of seven data files (themes.dat, languages.dat, profession.dat, gen.dat, marstat.dat, states.dat, ages.dat) when saving me...
CVE-2007-3420
The CVE concerns WebAPP (web-app.org) prior to version 0.9.9.7, where the Random Cookie Password feature in the loaduser function (cgi-bin/cgi-lib/subs.pl) fails to clear four cookies (username, password, usertheme, userlang) for unauthorized users. This creates a potential, described as having u...
CVE-2007-1185
CVE-2007-1185 affects WebAPP prior to 0.9.9.5, where the (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval forms rely on hidden inputs. The connected sources identify this as a design/logic issue with hidden inputs but do not specify concrete impact, exploitation conditions, or r...
CVE-2007-1832
The CVE-2007-1832 vulnerability affects web-app.org WebAPP prior to version 0.9.9.6. It allows remote authenticated users to upload certain files through two vectors: (1) via a crafted filename and (2) by using percent encoding in forms. The available sources describe the issue and confirm the up...
CVE-2007-3423
CVE-2007-3423 affects WebAPP (web-app.org) versions before 0.9.9.7. The vulnerable component is cgi-bin/cgi-lib/instantmessage.pl, where the From field of an instant message is used as the beginning of the .dat filename when the imview2 or imview3 function reads messages from an internal I...
CVE-2007-1182
CVE-2007-1182 affects WebAPP prior to version 0.9.9.5, allowing remote Guest users to edit a Guest profile. The impact is described as unknown in the source, with no explicit remediation details provided in the connected documents.
CVE-2005-0927
Technical details about CVE-2005-0927 are not publicly available in the provided documents. Monitor for updates; no confirmed affected versions, root cause, or remediation are stated here.
CVE-2007-1178
The CVE-2007-1178 entry concerns WebAPP prior to version 0.9.9.5, where access checks are not performed in specific contexts: (1) Calendar Administration, (2) Instant Messages Administration, and (3) the Image Uploader. The initial description states the impact and attack vectors are unknown. The...
CVE-2007-1183
CVE-2007-1183 concerns WebAPP prior to 0.9.9.5, where remote authenticated users can spoof another user’s Real Name via whitespace. The available sources indicate the impact and attack vectors are unknown, with no concrete exploitation details provided. Affected version is explicitly stated as
CVE-2007-1188
CVE-2007-1188 concerns WebAPP prior to 0.9.9.5, where the Search form accepts input that is not checked for composition or length. The impact is described as unknown and possibly related to “search form hijacking,” but no concrete exploitation details, affected versions beyond the stated one, or ...
CVE-2007-3416
CVE-2007-3416 describes CSRF vulnerabilities in the administration interfaces (polls, profiles, IP bans, and forums) of WebAPP 0.8–0.9.9.6 (web-app.org) and WebAPP 0.9.9.3.3–2007 (web-app.net). The underlying issue is cross-site request forgery that lets remote attackers perform deletions with ad...
CVE-2007-3421
CVE-2007-3421 concerns web-app.org WebAPP prior to 0.9.9.7, where multiple features (login, admin profile edit, reminder, edit profile, profile view, gallery view, gallery comment, and gallery feedback) do not verify presence of users in memberlist.dat. The root cause is a missing user verificati...
CVE-2006-1427
CVE-2006-1427 involves multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier. The affected component is the web application’s CGI interfaces, specifically cgi-bin/index.cgi (parameters: action, id, num, board, cat, real, viewcat, img, curcatname) and /mods/calendar/i...
CVE-2007-3417
CVE-2007-3417 covers multiple XSS vulnerabilities in cgi-bin/cgi-lib/search.pl of WebAPP (web-app.org), where an unsanitized search string is echoed into an HREF attribute by process_search or show_recent_searches. The issue affects WebAPP prior to version 0.9.9.7 and allows remote at...
CVE-2007-3424
The affected software is WebAPP (web-app.org) prior to version 0.9.9.7. The vulnerability lies in the moveim function of cgi-bin/cgi-lib/instantmessage.pl, which uses the tocat parameter as a subdirectory name when moving an instant message. The underlying impact is described as unknown in the so...
CVE-2007-1186
CVE-2007-1186 affects WebAPP prior to version 0.9.9.5. The issue is that the application does not censor the Latest Member real name, with the impact described as unknown in the provided sources. No further technical details (e.g., affected components, exploit vectors, or concrete remediation) ar...