Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
w-agora vulnerabilities and exploits
(subscribe to this query)
795
VMScore
CVE-2008-1466
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote malicious users to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) ed...
W-agora W-agora 4.0
9 EDB exploits
435
VMScore
CVE-2006-2228
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote malicious users to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, wh...
W-agora W-agora 4.2.0
1 EDB exploit
505
VMScore
CVE-2005-2648
Directory traversal vulnerability in index.php in W-Agora 4.2.0 and previous versions allows remote malicious users to read arbitrary files via the site parameter.
W-agora W-agora 4.2
1 EDB exploit
755
VMScore
CVE-2004-1562
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote malicious users to execute arbitrary SQL commands via the key parameter.
W-agora W-agora 4.1.6a
1 EDB exploit
445
VMScore
CVE-2004-1563
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote malicious users to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
W-agora W-agora 4.1.6a
3 EDB exploits
505
VMScore
CVE-2004-1564
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote malicious users to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
W-agora W-agora 4.1.6a
1 EDB exploit
445
VMScore
CVE-2004-1565
list.php in w-Agora 4.1.6a allows remote malicious users to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
W-agora W-agora 4.1.6a
445
VMScore
CVE-2007-0606
w-agora 4.2.1 allows remote malicious users to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.
W-agora W-agora 4.2.1
383
VMScore
CVE-2007-0607
W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote malicious users to obtain application path information via a direct request.
W-agora W-agora 4.2.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2