| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2004-1563 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2004-1564 | 5.0 |
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2004-1562 | 7.5 |
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
| CVE-2004-1565 | 5.0 |
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
|
18-10-2016 - 02:56 | 31-12-2004 - 05:00 |