E107

E107

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.34%
  • Veröffentlicht 06.09.2005 22:03:00
  • Zuletzt bearbeitet 16.06.2026 22:15:42

forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.

  • EPSS 2.26%
  • Veröffentlicht 16.08.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:15:12

doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in t...

Exploit
  • EPSS 2.73%
  • Veröffentlicht 20.07.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:14:41

Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.

  • EPSS 2.14%
  • Veröffentlicht 16.06.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:13:58

The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.

  • EPSS 1.83%
  • Veröffentlicht 10.06.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:13:59

The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.

Exploit
  • EPSS 14.91%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 16.06.2026 22:09:19

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.

Exploit
  • EPSS 1.91%
  • Veröffentlicht 29.05.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:08:53

Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.p...

Exploit
  • EPSS 5.14%
  • Veröffentlicht 29.05.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:08:52

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) av...

Exploit
  • EPSS 1.78%
  • Veröffentlicht 29.05.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:08:52

e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP erro...

Exploit
  • EPSS 1.26%
  • Veröffentlicht 21.05.2004 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:08:51

Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.