Vulnerabilities > W Agora > W Agora > 4.1.6a
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-05 | CVE-2010-4868 | Cross-Site Scripting vulnerability in W-Agora Cross-site scripting (XSS) vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the bn parameter. | 4.3 |
| 2011-10-05 | CVE-2010-4867 | Path Traversal vulnerability in W-Agora Directory traversal vulnerability in search.php3 (aka search.php) in W-Agora 4.2.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
| 2004-12-31 | CVE-2004-1565 | Remote Input Validation vulnerability in W-Agora 4.1.6A list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. | 5.0 |
| 2004-12-31 | CVE-2004-1564 | Remote Input Validation vulnerability in W-Agora 4.1.6A CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. | 5.0 |
| 2004-12-31 | CVE-2004-1563 | Remote Input Validation vulnerability in W-Agora 4.1.6A Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php. network w-agora | 4.3 |
| 2004-12-31 | CVE-2004-1562 | Remote Input Validation vulnerability in W-Agora 4.1.6A SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. | 7.5 |