Page 15 of 84 results (0.008 seconds)

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. • http://marc.info/?l=bugtraq&m=112544896117131&w=2 http://www.securityfocus.com/bid/14699 https://exchange.xforce.ibmcloud.com/vulnerabilities/22059 •

CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0

doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function. • http://e107plugins.co.uk/news.php http://marc.info/?l=bugtraq&m=112328161319148&w=2 •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 2

Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. Vulnerabilidad de secuencia de comandos en sitios cruzados en e107 0.617 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante tags anidadas " [URL]BBCode". • https://www.exploit-db.com/exploits/1106 http://securitytracker.com/id?1014513 •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0

The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter. • http://e107plugins.co.uk/news.php http://marc.info/?l=bugtraq&m=111835539312985&w=2 http://marc.info/?l=bugtraq&m=111868460811287&w=2 http://secunia.com/advisories/15678 •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter. • http://marc.info/?l=bugtraq&m=111868460811287&w=2 http://www.securityfocus.com/bid/13934 •