Search

Find a vulnerability

Search criteria

    8 vulnerabilities found for web_wiz_forums by webwiz

    CVE-2019-25442 (GCVE-0-2019-25442)

    Vulnerability from nvd – Published: 2026-02-22 13:18 – Updated: 2026-04-07 14:04
    VLAI
    Title
    Web Wiz Forums 12.01 SQL Injection via PF Parameter
    Summary
    Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Webwiz Web Wiz Forums Affected: 12.01
    Create a notification for this product.
    Date Public
    2019-08-16 00:00
    Credits
    n1x_ [MS-WEB]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25442",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T16:19:58.051777Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:20:08.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Wiz Forums",
              "vendor": "Webwiz",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.01"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:webwiz:web_wiz_forums:12.01:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "n1x_ [MS-WEB]"
            }
          ],
          "datePublic": "2019-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:04:06.534Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-47284",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/47284"
            },
            {
              "name": "VulnCheck Advisory: Web Wiz Forums 12.01 SQL Injection via PF Parameter",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/web-wiz-forums-sql-injection-via-pf-parameter"
            }
          ],
          "title": "Web Wiz Forums 12.01 SQL Injection via PF Parameter",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25442",
        "datePublished": "2026-02-22T13:18:22.035Z",
        "dateReserved": "2026-02-20T13:43:32.291Z",
        "dateUpdated": "2026-04-07T14:04:06.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2008-0466 (GCVE-0-2008-0466)

    Vulnerability from nvd – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/486868/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/4970 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/4971 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/27419 vdb-entryx_refsource_BID
    http://www.bugreport.ir/?/29 x_refsource_MISC
    http://securityreason.com/securityalert/3584 third-party-advisoryx_refsource_SREASON
    http://www.bugreport.ir/?/31 x_refsource_MISC
    http://securitytracker.com/id?1019267 vdb-entryx_refsource_SECTRACK
    http://www.webwizguide.com/webwizrichtexteditor/k… x_refsource_MISC
    http://www.securityfocus.com/archive/1/486866/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:54.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
              },
              {
                "name": "4970",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4970"
              },
              {
                "name": "4971",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4971"
              },
              {
                "name": "27419",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27419"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/?/29"
              },
              {
                "name": "3584",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3584"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/?/31"
              },
              {
                "name": "1019267",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019267"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
              },
              {
                "name": "20080123 Web Wiz Forums Directory traversal",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files.  NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
            },
            {
              "name": "4970",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4970"
            },
            {
              "name": "4971",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4971"
            },
            {
              "name": "27419",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27419"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/?/29"
            },
            {
              "name": "3584",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3584"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/?/31"
            },
            {
              "name": "1019267",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019267"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
            },
            {
              "name": "20080123 Web Wiz Forums Directory traversal",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0466",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files.  NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
                },
                {
                  "name": "4970",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4970"
                },
                {
                  "name": "4971",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4971"
                },
                {
                  "name": "27419",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27419"
                },
                {
                  "name": "http://www.bugreport.ir/?/29",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/?/29"
                },
                {
                  "name": "3584",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3584"
                },
                {
                  "name": "http://www.bugreport.ir/?/31",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/?/31"
                },
                {
                  "name": "1019267",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019267"
                },
                {
                  "name": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp",
                  "refsource": "MISC",
                  "url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
                },
                {
                  "name": "20080123 Web Wiz Forums Directory traversal",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0466",
        "datePublished": "2008-01-28T23:00:00.000Z",
        "dateReserved": "2008-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:54.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0175 (GCVE-0-2006-0175)

    Vulnerability from nvd – Published: 2006-01-11 21:00 – Updated: 2024-08-07 16:25
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/421615/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/22398 vdb-entryx_refsource_OSVDB
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/16196 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:25:34.002Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
              },
              {
                "name": "22398",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/22398"
              },
              {
                "name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
              },
              {
                "name": "16196",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16196"
              },
              {
                "name": "webwizforums-searchform-xss(24048)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
            },
            {
              "name": "22398",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/22398"
            },
            {
              "name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
            },
            {
              "name": "16196",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16196"
            },
            {
              "name": "webwizforums-searchform-xss(24048)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
                },
                {
                  "name": "22398",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/22398"
                },
                {
                  "name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
                },
                {
                  "name": "16196",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16196"
                },
                {
                  "name": "webwizforums-searchform-xss(24048)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0175",
        "datePublished": "2006-01-11T21:00:00.000Z",
        "dateReserved": "2006-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:25:34.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2733 (GCVE-0-2004-2733)

    Vulnerability from nvd – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1010012 vdb-entryx_refsource_SECTRACK
    http://www.osvdb.org/5751 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/10255 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/11525 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/5750 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    Date Public
    2004-04-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1010012",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1010012"
              },
              {
                "name": "5751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5751"
              },
              {
                "name": "10255",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10255"
              },
              {
                "name": "webwizforums-popuptopicadmin-modify(16030)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
              },
              {
                "name": "11525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11525"
              },
              {
                "name": "5750",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5750"
              },
              {
                "name": "webwizforums-unauth-ip-blocking(16031)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
              },
              {
                "name": "20040430 Critical bug in Web Wiz Forum",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-04-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1010012",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1010012"
            },
            {
              "name": "5751",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5751"
            },
            {
              "name": "10255",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10255"
            },
            {
              "name": "webwizforums-popuptopicadmin-modify(16030)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
            },
            {
              "name": "11525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11525"
            },
            {
              "name": "5750",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5750"
            },
            {
              "name": "webwizforums-unauth-ip-blocking(16031)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
            },
            {
              "name": "20040430 Critical bug in Web Wiz Forum",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2733",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1010012",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1010012"
                },
                {
                  "name": "5751",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5751"
                },
                {
                  "name": "10255",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10255"
                },
                {
                  "name": "webwizforums-popuptopicadmin-modify(16030)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
                },
                {
                  "name": "11525",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11525"
                },
                {
                  "name": "5750",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5750"
                },
                {
                  "name": "webwizforums-unauth-ip-blocking(16031)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
                },
                {
                  "name": "20040430 Critical bug in Web Wiz Forum",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2733",
        "datePublished": "2007-10-09T10:00:00.000Z",
        "dateReserved": "2007-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-25442 (GCVE-0-2019-25442)

    Vulnerability from cvelistv5 – Published: 2026-02-22 13:18 – Updated: 2026-04-07 14:04
    VLAI
    Title
    Web Wiz Forums 12.01 SQL Injection via PF Parameter
    Summary
    Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Webwiz Web Wiz Forums Affected: 12.01
    Create a notification for this product.
    Date Public
    2019-08-16 00:00
    Credits
    n1x_ [MS-WEB]
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2019-25442",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-25T16:19:58.051777Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T16:20:08.333Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Web Wiz Forums",
              "vendor": "Webwiz",
              "versions": [
                {
                  "status": "affected",
                  "version": "12.01"
                }
              ]
            }
          ],
          "cpeApplicability": [
            {
              "nodes": [
                {
                  "cpeMatch": [
                    {
                      "criteria": "cpe:2.3:a:webwiz:web_wiz_forums:12.01:*:*:*:*:*:*:*",
                      "vulnerable": true
                    }
                  ],
                  "negate": false,
                  "operator": "OR"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "n1x_ [MS-WEB]"
            }
          ],
          "datePublic": "2019-08-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "exploitMaturity": "NOT_DEFINED",
                "privilegesRequired": "NONE",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS"
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-07T14:04:06.534Z",
            "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
            "shortName": "VulnCheck"
          },
          "references": [
            {
              "name": "ExploitDB-47284",
              "tags": [
                "exploit"
              ],
              "url": "https://www.exploit-db.com/exploits/47284"
            },
            {
              "name": "VulnCheck Advisory: Web Wiz Forums 12.01 SQL Injection via PF Parameter",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.vulncheck.com/advisories/web-wiz-forums-sql-injection-via-pf-parameter"
            }
          ],
          "title": "Web Wiz Forums 12.01 SQL Injection via PF Parameter",
          "x_generator": {
            "engine": "vulncheck"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "assignerShortName": "VulnCheck",
        "cveId": "CVE-2019-25442",
        "datePublished": "2026-02-22T13:18:22.035Z",
        "dateReserved": "2026-02-20T13:43:32.291Z",
        "dateUpdated": "2026-04-07T14:04:06.534Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2008-0466 (GCVE-0-2008-0466)

    Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
    VLAI
    Summary
    Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/486868/100… mailing-listx_refsource_BUGTRAQ
    https://www.exploit-db.com/exploits/4970 exploitx_refsource_EXPLOIT-DB
    https://www.exploit-db.com/exploits/4971 exploitx_refsource_EXPLOIT-DB
    http://www.securityfocus.com/bid/27419 vdb-entryx_refsource_BID
    http://www.bugreport.ir/?/29 x_refsource_MISC
    http://securityreason.com/securityalert/3584 third-party-advisoryx_refsource_SREASON
    http://www.bugreport.ir/?/31 x_refsource_MISC
    http://securitytracker.com/id?1019267 vdb-entryx_refsource_SECTRACK
    http://www.webwizguide.com/webwizrichtexteditor/k… x_refsource_MISC
    http://www.securityfocus.com/archive/1/486866/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2008-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T07:46:54.540Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
              },
              {
                "name": "4970",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4970"
              },
              {
                "name": "4971",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/4971"
              },
              {
                "name": "27419",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27419"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/?/29"
              },
              {
                "name": "3584",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3584"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.bugreport.ir/?/31"
              },
              {
                "name": "1019267",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019267"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
              },
              {
                "name": "20080123 Web Wiz Forums Directory traversal",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files.  NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
            },
            {
              "name": "4970",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4970"
            },
            {
              "name": "4971",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/4971"
            },
            {
              "name": "27419",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27419"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/?/29"
            },
            {
              "name": "3584",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3584"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.bugreport.ir/?/31"
            },
            {
              "name": "1019267",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019267"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
            },
            {
              "name": "20080123 Web Wiz Forums Directory traversal",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-0466",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files.  NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
                },
                {
                  "name": "4970",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4970"
                },
                {
                  "name": "4971",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/4971"
                },
                {
                  "name": "27419",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27419"
                },
                {
                  "name": "http://www.bugreport.ir/?/29",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/?/29"
                },
                {
                  "name": "3584",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3584"
                },
                {
                  "name": "http://www.bugreport.ir/?/31",
                  "refsource": "MISC",
                  "url": "http://www.bugreport.ir/?/31"
                },
                {
                  "name": "1019267",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019267"
                },
                {
                  "name": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp",
                  "refsource": "MISC",
                  "url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
                },
                {
                  "name": "20080123 Web Wiz Forums Directory traversal",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-0466",
        "datePublished": "2008-01-28T23:00:00.000Z",
        "dateReserved": "2008-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-07T07:46:54.540Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-2733 (GCVE-0-2004-2733)

    Vulnerability from cvelistv5 – Published: 2007-10-09 10:00 – Updated: 2024-08-08 01:36
    VLAI
    Summary
    Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1010012 vdb-entryx_refsource_SECTRACK
    http://www.osvdb.org/5751 vdb-entryx_refsource_OSVDB
    http://www.securityfocus.com/bid/10255 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://secunia.com/advisories/11525 third-party-advisoryx_refsource_SECUNIA
    http://www.osvdb.org/5750 vdb-entryx_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    Date Public
    2004-04-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T01:36:25.288Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1010012",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1010012"
              },
              {
                "name": "5751",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5751"
              },
              {
                "name": "10255",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/10255"
              },
              {
                "name": "webwizforums-popuptopicadmin-modify(16030)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
              },
              {
                "name": "11525",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/11525"
              },
              {
                "name": "5750",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/5750"
              },
              {
                "name": "webwizforums-unauth-ip-blocking(16031)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
              },
              {
                "name": "20040430 Critical bug in Web Wiz Forum",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-04-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-28T12:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1010012",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1010012"
            },
            {
              "name": "5751",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5751"
            },
            {
              "name": "10255",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/10255"
            },
            {
              "name": "webwizforums-popuptopicadmin-modify(16030)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
            },
            {
              "name": "11525",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/11525"
            },
            {
              "name": "5750",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/5750"
            },
            {
              "name": "webwizforums-unauth-ip-blocking(16031)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
            },
            {
              "name": "20040430 Critical bug in Web Wiz Forum",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-2733",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1010012",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1010012"
                },
                {
                  "name": "5751",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5751"
                },
                {
                  "name": "10255",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/10255"
                },
                {
                  "name": "webwizforums-popuptopicadmin-modify(16030)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
                },
                {
                  "name": "11525",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/11525"
                },
                {
                  "name": "5750",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/5750"
                },
                {
                  "name": "webwizforums-unauth-ip-blocking(16031)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
                },
                {
                  "name": "20040430 Critical bug in Web Wiz Forum",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-2733",
        "datePublished": "2007-10-09T10:00:00.000Z",
        "dateReserved": "2007-10-08T00:00:00.000Z",
        "dateUpdated": "2024-08-08T01:36:25.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-0175 (GCVE-0-2006-0175)

    Vulnerability from cvelistv5 – Published: 2006-01-11 21:00 – Updated: 2024-08-07 16:25
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/421615/100… mailing-listx_refsource_BUGTRAQ
    http://www.osvdb.org/22398 vdb-entryx_refsource_OSVDB
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/16196 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2006-01-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T16:25:34.002Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
              },
              {
                "name": "22398",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/22398"
              },
              {
                "name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
              },
              {
                "name": "16196",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/16196"
              },
              {
                "name": "webwizforums-searchform-xss(24048)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-01-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-19T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
            },
            {
              "name": "22398",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/22398"
            },
            {
              "name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
            },
            {
              "name": "16196",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/16196"
            },
            {
              "name": "webwizforums-searchform-xss(24048)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-0175",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
                },
                {
                  "name": "22398",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/22398"
                },
                {
                  "name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
                },
                {
                  "name": "16196",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/16196"
                },
                {
                  "name": "webwizforums-searchform-xss(24048)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-0175",
        "datePublished": "2006-01-11T21:00:00.000Z",
        "dateReserved": "2006-01-11T00:00:00.000Z",
        "dateUpdated": "2024-08-07T16:25:34.002Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }