Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
agora vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2007-1607
search.php in w-Agora (Web-Agora) allows remote malicious users to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
W-agora W-agora 4.2.1
505
VMScore
CVE-2004-1564
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote malicious users to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
W-agora W-agora 4.1.6a
1 EDB exploit
383
VMScore
CVE-2017-6559
XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack.
Agora-project Agora-project 3.2.2
383
VMScore
CVE-2017-6561
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack.
Agora-project Agora-project 3.2.2
383
VMScore
CVE-2017-6560
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack.
Agora-project Agora-project 3.2.2
383
VMScore
CVE-2017-6562
XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack.
Agora-project Agora-project 3.2.2
435
VMScore
CVE-2006-2228
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote malicious users to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, wh...
W-agora W-agora 4.2.0
1 EDB exploit
409
VMScore
CVE-2002-2128
editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.
W-agora W-agora 4.1.5
445
VMScore
CVE-2004-1563
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote malicious users to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
W-agora W-agora 4.1.6a
3 EDB exploits
445
VMScore
CVE-2004-1565
list.php in w-Agora 4.1.6a allows remote malicious users to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
W-agora W-agora 4.1.6a
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »