Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
agora vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2007-1605
w-Agora (Web-Agora) allows remote malicious users to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain...
W-agora W-agora 4.2.1
7.5
CVSSv2
CVE-2007-1604
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote malicious users to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to uploa...
W-agora W-agora 4.2.1
1 EDB exploit
4.3
CVSSv2
CVE-2007-1606
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote malicious users to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid paramet...
W-agora W-agora 4.2.1
3 EDB exploits
5
CVSSv2
CVE-2005-2648
Directory traversal vulnerability in index.php in W-Agora 4.2.0 and previous versions allows remote malicious users to read arbitrary files via the site parameter.
W-agora W-agora 4.2
1 EDB exploit
5
CVSSv2
CVE-2004-1564
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote malicious users to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
W-agora W-agora 4.1.6a
1 EDB exploit
7.5
CVSSv2
CVE-2008-1466
Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote malicious users to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) delete_user.php, (6) ed...
W-agora W-agora 4.0
9 EDB exploits
4.3
CVSSv2
CVE-2006-2228
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote malicious users to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, wh...
W-agora W-agora 4.2.0
1 EDB exploit
5
CVSSv2
CVE-2007-1607
search.php in w-Agora (Web-Agora) allows remote malicious users to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.
W-agora W-agora 4.2.1
7.5
CVSSv2
CVE-2004-1562
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote malicious users to execute arbitrary SQL commands via the key parameter.
W-agora W-agora 4.1.6a
1 EDB exploit
4.3
CVSSv2
CVE-2004-1563
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote malicious users to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
W-agora W-agora 4.1.6a
3 EDB exploits
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »