MidnightBSD

Advisories for web-app.org

CVE-2004-1742 MEDIUM

Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
web-app.org webapp 0.9.9
CVE-2005-0927 HIGH

Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
web-app.org webapp 0.9.9
web-app.org webapp 0.9.9.2
web-app.org webapp 0.9.9.1
CVE-2005-1628 HIGH

apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
web-app.org webapp 0.9.9
web-app.org webapp 0.9.9.2
web-app.org webapp 0.9.9.2.1
CVE-2006-1427 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
web-app.org webapp 0.9.9.3
web-app.org webapp 0.9.9.3.2
web-app.org webapp 0.9.9.2
web-app.org webapp 0.9.9.2.1
web-app.org webapp 0.9.9.1
web-app.org webapp 0.9.9.3.1