E107

E107

70 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2005-2327

Exploit
  • EPSS 0.43%
  • Veröffentlicht 20.07.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.

7.5

CVE-2005-1949

  • EPSS 1.01%
  • Veröffentlicht 16.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.

7.5

CVE-2005-1966

  • EPSS 0.9%
  • Veröffentlicht 10.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.

7.5

CVE-2004-2262

Exploit
  • EPSS 21.87%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.

7.5

CVE-2004-2042

Exploit
  • EPSS 3.26%
  • Veröffentlicht 29.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.p...

4.3

CVE-2004-2040

Exploit
  • EPSS 2.01%
  • Veröffentlicht 29.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) av...

5

CVE-2004-2039

Exploit
  • EPSS 0.99%
  • Veröffentlicht 29.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP erro...

4.3

CVE-2004-2031

Exploit
  • EPSS 0.57%
  • Veröffentlicht 21.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.

4.3

CVE-2004-2028

  • EPSS 0.66%
  • Veröffentlicht 21.05.2004 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php.

5

CVE-2003-1191

Exploit
  • EPSS 5.22%
  • Veröffentlicht 29.10.2003 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service (pages fail to load) via HTML in the Name field, which prevents the main.php form from being loaded.