Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-2039
e107 0.615 allows remote malicious users to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
E107 E107 0.6 15
E107 E107 0.6 15a
NA
CVE-2004-2040
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote malicious users to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg ...
E107 E107 0.6 15a
E107 E107 0.6 15
2 EDB exploits
NA
CVE-2004-2042
Multiple SQL injection vulnerabilities in e107 0.615 allow remote malicious users to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
E107 E107 0.615a
E107 E107 0.615
NA
CVE-2006-0857
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote malicious users to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
E107 Chatbox Plugin 1.0
E107 E107 0.7.2
1 EDB exploit
8.8
CVSSv3
CVE-2021-27885
usersettings.php in e107 up to and including 2.3.0 lacks a certain e_TOKEN protection mechanism.
E107 E107
NA
CVE-2005-1949
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote malicious users to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.
E107 E107
NA
CVE-2005-3594
game_score.php in e107 allows remote malicious users to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
E107 E107
NA
CVE-2005-2559
doping.php in ePing plugin 1.02 and previous versions for e107 portal allows remote malicious users to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&am...
E107 E107
NA
CVE-2004-2262
ImageManager in e107 prior to 0.617 does not properly check the types of uploaded files, which allows remote malicious users to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
E107 E107
1 EDB exploit
NA
CVE-2011-4920
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, and other versions prior to 1.0.0, allow remote malicious users to inject arbitrary web script or HTML via the URL to (1) e107_images/thumb.php or (2) rate.php, (3) resend_name parameter to e107_admin/users.php, ...
E107 E107 0.7.26
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »