Vulnerabilities > E107
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-09-06 | CVE-2005-2805 | Unspecified vulnerability in E107 0.603/0.616/0.617 forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. | 5.0 |
2005-07-20 | CVE-2005-2327 | Cross-Site Scripting vulnerability in E107 Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. network e107 | 4.3 |
2005-06-10 | CVE-2005-1966 | Remote Command Execution vulnerability in E107 1.0.1 The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter. | 7.5 |
2004-12-31 | CVE-2004-2261 | Script HTML Injection vulnerability in e107 Website System Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. network e107 | 4.3 |
2004-05-29 | CVE-2004-2042 | Multiple vulnerability in E107 0.615/0.615A Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php. | 7.5 |
2004-05-29 | CVE-2004-2041 | Multiple vulnerability in e107 Website System PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. | 7.5 |
2004-05-29 | CVE-2004-2040 | Multiple vulnerability in E107 0.615/0.615A Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. network e107 | 4.3 |
2004-05-29 | CVE-2004-2039 | Multiple vulnerability in E107 0.615/0.615A e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message. | 5.0 |
2004-05-21 | CVE-2004-2031 | HTML Injection vulnerability in e107 Website System Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. network e107 | 4.3 |
2004-05-21 | CVE-2004-2028 | HTML Injection vulnerability in e107 Website System Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. network e107 | 4.3 |