Vulnerabilities > E107
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-10-29 | CVE-2008-4785 | SQL Injection vulnerability in E107 Alternate Profiles Plugin 0.2 SQL injection vulnerability in newuser.php in the alternate_profiles plugin, possibly 0.2, for e107 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2008-04-30 | CVE-2008-2020 | Use of Insufficiently Random Values vulnerability in multiple products The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 and 8.1, (2) my123tkShop e-Commerce-Suite (aka 123tkShop) 0.9.1, (3) phpMyBitTorrent 1.2.2, (4) TorrentFlux 2.3, (5) e107 0.7.11, (6) WebZE 0.5.9, (7) Open Media Collectors Database (aka OpenDb) 1.5.0b4, and (8) Labgab 1.1 uses a code_bg.jpg background image and the PHP ImageString function in a way that produces an insufficient number of different images, which allows remote attackers to pass the CAPTCHA test via an automated attack using a table of all possible image checksums and their corresponding digit strings. network low complexity my123tkshop phpmybittorrent webze e107 labgab phpnuke torrentflux-project opendb CWE-330 | 7.5 |
2008-04-27 | CVE-2008-1989 | Code Injection vulnerability in multiple products PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter. | 10.0 |
2008-04-08 | CVE-2008-1702 | Improper Input Validation vulnerability in E107 MY Gallery 2.3 Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. | 4.3 |
2007-06-27 | CVE-2007-3429 | Unspecified vulnerability in E107 Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such as .php.jpg. network e107 | 6.8 |
2006-11-07 | CVE-2006-5786 | Local File Include vulnerability in E107 0.7.5 Directory traversal vulnerability in class2.php in e107 0.7.5 and earlier allows remote attackers to read and execute PHP code in arbitrary files via ".." sequences in the e107language_e107cookie cookie to gsitemap.php. | 7.5 |
2006-09-14 | CVE-2006-4794 | Cross-Site Scripting vulnerability in E107 0.7.5 Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. network e107 | 4.3 |
2006-09-13 | CVE-2006-4757 | SQL-Injection vulnerability in E107 Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. | 4.6 |
2006-09-06 | CVE-2006-4548 | Remote Security vulnerability in e107 e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. | 7.5 |
2006-06-27 | CVE-2006-3259 | Cross-Site Scripting vulnerability in e107 Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). network e107 | 4.3 |