Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
e107 e107 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2004-2039
e107 0.615 allows remote malicious users to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
E107 E107 0.6 15
E107 E107 0.6 15a
440
VMScore
CVE-2004-2040
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote malicious users to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg ...
E107 E107 0.6 15a
E107 E107 0.6 15
2 EDB exploits
668
VMScore
CVE-2004-2042
Multiple SQL injection vulnerabilities in e107 0.615 allow remote malicious users to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
E107 E107 0.615a
E107 E107 0.615
435
VMScore
CVE-2006-0857
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote malicious users to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
E107 Chatbox Plugin 1.0
E107 E107 0.7.2
1 EDB exploit
755
VMScore
CVE-2004-2262
ImageManager in e107 prior to 0.617 does not properly check the types of uploaded files, which allows remote malicious users to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
E107 E107
1 EDB exploit
605
VMScore
CVE-2021-27885
usersettings.php in e107 up to and including 2.3.0 lacks a certain e_TOKEN protection mechanism.
E107 E107
668
VMScore
CVE-2005-2559
doping.php in ePing plugin 1.02 and previous versions for e107 portal allows remote malicious users to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&am...
E107 E107
668
VMScore
CVE-2005-1949
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote malicious users to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.
E107 E107
445
VMScore
CVE-2005-3594
game_score.php in e107 allows remote malicious users to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
E107 E107
383
VMScore
CVE-2018-17081
e107 2.1.9 allows CSRF via e107_admin/wmessage.php?mode=&action=inline&ajax_used=1&id= for changing the title of an arbitrary page.
E107 E107 2.1.9
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
malicious code
camera
CVE-2023-46694
CVE-2023-43847
CVE-2023-30311
CVE-2024-27842
CVE-2024-30165
arbitrary code
CVE-2024-21683
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »