Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| web-app.org | webapp | 0.9.9 |
Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| web-app.org | webapp | 0.9.9 |
| web-app.org | webapp | 0.9.9.2 |
| web-app.org | webapp | 0.9.9.1 |
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| web-app.org | webapp | 0.9.9 |
| web-app.org | webapp | 0.9.9.2 |
| web-app.org | webapp | 0.9.9.2.1 |
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| web-app.org | webapp | 0.9.9.3 |
| web-app.org | webapp | 0.9.9.3.2 |
| web-app.org | webapp | 0.9.9.2 |
| web-app.org | webapp | 0.9.9.2.1 |
| web-app.org | webapp | 0.9.9.1 |
| web-app.org | webapp | 0.9.9.3.1 |