Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
agora vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-2648
Directory traversal vulnerability in index.php in W-Agora 4.2.0 and previous versions allows remote malicious users to read arbitrary files via the site parameter.
W-agora W-agora 4.2
1 EDB exploit
4.3
CVSSv2
CVE-2006-2228
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote malicious users to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, wh...
W-agora W-agora 4.2.0
1 EDB exploit
7.5
CVSSv2
CVE-2004-1562
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote malicious users to execute arbitrary SQL commands via the key parameter.
W-agora W-agora 4.1.6a
1 EDB exploit
5
CVSSv2
CVE-2004-1564
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote malicious users to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
W-agora W-agora 4.1.6a
1 EDB exploit
5
CVSSv2
CVE-2007-1607
search.php in w-Agora (Web-Agora) allows remote malicious users to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
W-agora W-agora 4.2.1
7.5
CVSSv2
CVE-2007-1604
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote malicious users to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to uploa...
W-agora W-agora 4.2.1
1 EDB exploit
4.3
CVSSv2
CVE-2007-1606
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote malicious users to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid paramet...
W-agora W-agora 4.2.1
3 EDB exploits
7.5
CVSSv2
CVE-2008-1466
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote malicious users to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) ed...
W-agora W-agora 4.0
9 EDB exploits
5
CVSSv2
CVE-2004-1565
list.php in w-Agora 4.1.6a allows remote malicious users to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
W-agora W-agora 4.1.6a
4.3
CVSSv2
CVE-2017-6559
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.
Agora-project Agora-project 3.2.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002
CVE-2006-4304
CVE-2024-4336
CVE-2024-33437
CVE-2024-4340
CVE-2024-27956
privilege
insecure direct object reference
XSS
item search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »