Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Unknown
CVE-2010-4868
Disclosure Date: October 05, 2011 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter.
0
Attacker Value
Unknown
CVE-2010-4867
Disclosure Date: October 05, 2011 (last updated October 04, 2023)
Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the bn parameter.
0
Attacker Value
Unknown
CVE-2004-1564
Disclosure Date: December 31, 2004 (last updated February 22, 2025)
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
0
Attacker Value
Unknown
CVE-2004-1565
Disclosure Date: December 31, 2004 (last updated February 22, 2025)
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
0
Attacker Value
Unknown
CVE-2004-1562
Disclosure Date: December 31, 2004 (last updated February 22, 2025)
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.
0
Attacker Value
Unknown
CVE-2004-1563
Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
0
