Search criteria
6 vulnerabilities found for web_wiz_forums by webwiz
CVE-2008-0466 (GCVE-0-2008-0466)
Vulnerability from nvd – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
},
{
"name": "4970",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4970"
},
{
"name": "4971",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4971"
},
{
"name": "27419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/?/29"
},
{
"name": "3584",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/?/31"
},
{
"name": "1019267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019267"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
},
{
"name": "20080123 Web Wiz Forums Directory traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
},
{
"name": "4970",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4970"
},
{
"name": "4971",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4971"
},
{
"name": "27419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/?/29"
},
{
"name": "3584",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/?/31"
},
{
"name": "1019267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019267"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
},
{
"name": "20080123 Web Wiz Forums Directory traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
},
{
"name": "4970",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4970"
},
{
"name": "4971",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4971"
},
{
"name": "27419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27419"
},
{
"name": "http://www.bugreport.ir/?/29",
"refsource": "MISC",
"url": "http://www.bugreport.ir/?/29"
},
{
"name": "3584",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3584"
},
{
"name": "http://www.bugreport.ir/?/31",
"refsource": "MISC",
"url": "http://www.bugreport.ir/?/31"
},
{
"name": "1019267",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019267"
},
{
"name": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp",
"refsource": "MISC",
"url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
},
{
"name": "20080123 Web Wiz Forums Directory traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0466",
"datePublished": "2008-01-28T23:00:00.000Z",
"dateReserved": "2008-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:54.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0175 (GCVE-0-2006-0175)
Vulnerability from nvd – Published: 2006-01-12 02:00 – Updated: 2024-08-07 16:25
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
},
{
"name": "22398",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22398"
},
{
"name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
},
{
"name": "16196",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16196"
},
{
"name": "webwizforums-searchform-xss(24048)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
},
{
"name": "22398",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22398"
},
{
"name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
},
{
"name": "16196",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16196"
},
{
"name": "webwizforums-searchform-xss(24048)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
},
{
"name": "22398",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22398"
},
{
"name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
},
{
"name": "16196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16196"
},
{
"name": "webwizforums-searchform-xss(24048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0175",
"datePublished": "2006-01-12T02:00:00.000Z",
"dateReserved": "2006-01-11T05:00:00.000Z",
"dateUpdated": "2024-08-07T16:25:34.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2733 (GCVE-0-2004-2733)
Vulnerability from nvd – Published: 2007-10-09 14:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1010012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010012"
},
{
"name": "5751",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5751"
},
{
"name": "10255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10255"
},
{
"name": "webwizforums-popuptopicadmin-modify(16030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
},
{
"name": "11525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11525"
},
{
"name": "5750",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5750"
},
{
"name": "webwizforums-unauth-ip-blocking(16031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
},
{
"name": "20040430 Critical bug in Web Wiz Forum",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-30T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1010012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010012"
},
{
"name": "5751",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5751"
},
{
"name": "10255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10255"
},
{
"name": "webwizforums-popuptopicadmin-modify(16030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
},
{
"name": "11525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11525"
},
{
"name": "5750",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5750"
},
{
"name": "webwizforums-unauth-ip-blocking(16031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
},
{
"name": "20040430 Critical bug in Web Wiz Forum",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1010012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010012"
},
{
"name": "5751",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5751"
},
{
"name": "10255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10255"
},
{
"name": "webwizforums-popuptopicadmin-modify(16030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
},
{
"name": "11525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11525"
},
{
"name": "5750",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5750"
},
{
"name": "webwizforums-unauth-ip-blocking(16031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
},
{
"name": "20040430 Critical bug in Web Wiz Forum",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2733",
"datePublished": "2007-10-09T14:00:00.000Z",
"dateReserved": "2007-10-08T04:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0466 (GCVE-0-2008-0466)
Vulnerability from cvelistv5 – Published: 2008-01-28 23:00 – Updated: 2024-08-07 07:46
VLAI?
Summary
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
},
{
"name": "4970",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4970"
},
{
"name": "4971",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4971"
},
{
"name": "27419",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27419"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/?/29"
},
{
"name": "3584",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.bugreport.ir/?/31"
},
{
"name": "1019267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019267"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
},
{
"name": "20080123 Web Wiz Forums Directory traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
},
{
"name": "4970",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4970"
},
{
"name": "4971",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4971"
},
{
"name": "27419",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27419"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/?/29"
},
{
"name": "3584",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.bugreport.ir/?/31"
},
{
"name": "1019267",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019267"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
},
{
"name": "20080123 Web Wiz Forums Directory traversal",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the configured directory tree by exploiting a separate directory traversal vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20080123 Web Wiz Rich Text Editor Directory traversal + HTM/HTML filecreation on the server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486868/100/0/threaded"
},
{
"name": "4970",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4970"
},
{
"name": "4971",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4971"
},
{
"name": "27419",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27419"
},
{
"name": "http://www.bugreport.ir/?/29",
"refsource": "MISC",
"url": "http://www.bugreport.ir/?/29"
},
{
"name": "3584",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3584"
},
{
"name": "http://www.bugreport.ir/?/31",
"refsource": "MISC",
"url": "http://www.bugreport.ir/?/31"
},
{
"name": "1019267",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019267"
},
{
"name": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp",
"refsource": "MISC",
"url": "http://www.webwizguide.com/webwizrichtexteditor/kb/release_notes.asp"
},
{
"name": "20080123 Web Wiz Forums Directory traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486866/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0466",
"datePublished": "2008-01-28T23:00:00.000Z",
"dateReserved": "2008-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:54.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2733 (GCVE-0-2004-2733)
Vulnerability from cvelistv5 – Published: 2007-10-09 14:00 – Updated: 2024-08-08 01:36
VLAI?
Summary
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.288Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1010012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1010012"
},
{
"name": "5751",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5751"
},
{
"name": "10255",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10255"
},
{
"name": "webwizforums-popuptopicadmin-modify(16030)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
},
{
"name": "11525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11525"
},
{
"name": "5750",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5750"
},
{
"name": "webwizforums-unauth-ip-blocking(16031)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
},
{
"name": "20040430 Critical bug in Web Wiz Forum",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-30T04:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1010012",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1010012"
},
{
"name": "5751",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5751"
},
{
"name": "10255",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10255"
},
{
"name": "webwizforums-popuptopicadmin-modify(16030)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
},
{
"name": "11525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11525"
},
{
"name": "5750",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5750"
},
{
"name": "webwizforums-unauth-ip-blocking(16031)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
},
{
"name": "20040430 Critical bug in Web Wiz Forum",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1010012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1010012"
},
{
"name": "5751",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5751"
},
{
"name": "10255",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10255"
},
{
"name": "webwizforums-popuptopicadmin-modify(16030)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16030"
},
{
"name": "11525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11525"
},
{
"name": "5750",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5750"
},
{
"name": "webwizforums-unauth-ip-blocking(16031)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16031"
},
{
"name": "20040430 Critical bug in Web Wiz Forum",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-04/1119.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2733",
"datePublished": "2007-10-09T14:00:00.000Z",
"dateReserved": "2007-10-08T04:00:00.000Z",
"dateUpdated": "2024-08-08T01:36:25.288Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0175 (GCVE-0-2006-0175)
Vulnerability from cvelistv5 – Published: 2006-01-12 02:00 – Updated: 2024-08-07 16:25
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.002Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
},
{
"name": "22398",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22398"
},
{
"name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
},
{
"name": "16196",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16196"
},
{
"name": "webwizforums-searchform-xss(24048)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T05:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
},
{
"name": "22398",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22398"
},
{
"name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
},
{
"name": "16196",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16196"
},
{
"name": "webwizforums-searchform-xss(24048)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060111 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34(search_form.asp)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/421615/100/0/threaded"
},
{
"name": "22398",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22398"
},
{
"name": "20060109 Advisory:XSS vulnerability on WebWiz Forums \u003c= 6.34 (search_form.asp)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0299.html"
},
{
"name": "16196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16196"
},
{
"name": "webwizforums-searchform-xss(24048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24048"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0175",
"datePublished": "2006-01-12T02:00:00.000Z",
"dateReserved": "2006-01-11T05:00:00.000Z",
"dateUpdated": "2024-08-07T16:25:34.002Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}