Searching w agora software vulnerabilities

netris 0.5, and possibly other versions before

versions | possibly | netris | before | other |

netris 0.5, and possibly other versions before 0.52, when running with the -w (wait) option, allows remote attackers to cause a denial of service (crash) via a long string to port 9284.


editform.php in w-Agora 4.1.5 allows local user

editformphp | w-Agora |

editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter.


Cross-site scripting vulnerability (XSS) in edi

vulnerability | Cross-site | scripting |

Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form.


ls in the fileutils or coreutils packages allow

applications | fileutils | exploited | coreutils | remotely | packages | consume | wu-ftpd | memory | allows | amount | large | users | local | value | which | such | via | can | use |

ls in the fileutils or coreutils packages allows local users to consume a large amount of memory via a large -w value, which can be remotely exploited via applications that use ls, such as wu-ftpd.


SQL injection vulnerability in redir_url.php in

vulnerability | redir_urlphp | attackers | arbitrary | injection | parameter | commands | execute | w-Agora | allows | remote | 416a | SQL | key | via |

SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.


CRLF injection vulnerability in subscribe_threa

subscribe_threadphp | vulnerability | Splitting | attackers | injection | parameter | Response | expected | attacks | w-Agora | content | perform | modify | allows | thread | server | remote | CRLF | 416a | HTML | HTTP | via |

CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.


list.php in w-Agora 4.1.6a allows remote attack

attackers | malformed | involving | parameter | possibly | listphp | crafted | request | w-Agora | allows | remote | reveal | full | 416a | path | HTTP | via |

list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.


Directory traversal vulnerability in index.php

vulnerability | Directory | traversal | indexphp | W-Agora |

Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.


Buffer overflow in the is_client_wad_ok functio

is_client_wad_ok | function | w_wadcpp | overflow | Buffer |

Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument.


Cross-site scripting (XSS) vulnerability in w-A

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.


PHP remote file inclusion vulnerability in modu

modules/Mysqlfinder/MysqlfinderAdminphp | _SESSION[PATH_COMPOSANT] | register_globals | vulnerability | parameter | attackers | inclusion | arbitrary | execute | enabled | remote | allows | Agora | code | file | RC1 | PHP | via | URL |

PHP remote file inclusion vulnerability in modules/Mysqlfinder/MysqlfinderAdmin.php in Agora 1.4 RC1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the _SESSION[PATH_COMPOSANT] parameter.


w-agora 4.2.1 allows remote attackers to obtain

w-agora |

w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.


W-Agora (Web-Agora) 4.2.1, when register_global

W-Agora |

W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores globals.inc under the web document root with insufficient access control, which allows remote attackers to obtain application path information via a direct request.


Multiple unrestricted file upload vulnerabiliti

vulnerabilities | unrestricted | Multiple | w-Agora | upload | file |

Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.


w-Agora (Web-Agora) allows remote attackers to

w-Agora |

w-Agora (Web-Agora) allows remote attackers to obtain sensitive information via a request to rss.php with an invalid (1) site or (2) bn parameter, (3) a certain value of the site[] parameter, or (4) an empty value of the bn[] parameter; a request to index.php with a certain value of the (5) site[] or (6) sort[] parameter; (7) a request to profile.php with an empty value of the site[] parameter; or a request to search.php with (8) an empty value of the bn[] parameter or a certain value of the (9) pattern[] or (10) search_date[] parameter, which reveal the path in various error messages, probably related to variable type inconsistencies. NOTE: the bn[] parameter to index.php is already covered by CVE-2007-0606.1.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.


search.php in w-Agora (Web-Agora) allows remote

searchphp | w-Agora |

search.php in w-Agora (Web-Agora) allows remote attackers to obtain potentially sensitive information via a ' (quote) value followed by certain SQL sequences in the (1) search_forum or (2) search_user parameter, which force a SQL error.


Multiple unspecified vulnerabilities in Free-SA

vulnerabilities | unspecified | Multiple | Free-SA | before |

Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c, (b) r_reports.c, (c) r_topsites.c, (d) r_topuser.c, (e) r_typical.c, (f) r_userdatetime.c, and (g) r_users.c in reports/; and (h) w_fs.c, (i) w_internal.c, and (j) w_log_operations.c in work/, probably related to buffer overflows. NOTE: some of these details are obtained from third party information.


Unspecified vulnerability in the Map I/O Servic

vulnerability | Unspecified | Service | I/O | Map |

Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before Monday, March 19, 2007, and XP/W on HP-UX before Thursday, April 05, 2007, allows remote attackers to cause a denial of service via certain data to the service port.


Software vulnerabilities results 1 to 20 of 48     
Page: 123