Page 5 of 25 results (0.008 seconds)

CVSS: 4.3EPSS: 1%CPEs: 47EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php (aka the Subject field when posting a comment). Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en e107 v0.7.5, permiten a atacantes remotos inyectar secuencias de comandos Web o HTML de su elección a través de (1) el parámetro ep en search.php y (2) el parámetro subject de comment.php (también conocido como el campo Subject cuando se añade un comentario). • https://www.exploit-db.com/exploits/28063 https://www.exploit-db.com/exploits/28078 http://secunia.com/advisories/20727 http://securityreason.com/securityalert/1151 http://www.securityfocus.com/archive/1/437649/100/0/threaded http://www.securityfocus.com/bid/18508 http://www.securityfocus.com/bid/18560 http://www.vupen.com/english/advisories/2006/2460 https://exchange.xforce.ibmcloud.com/vulnerabilities/27240 https://exchange.xforce.ibmcloud.com/vulnerabilities/27242 •

CVSS: 5.1EPSS: 2%CPEs: 18EXPL: 0

SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. • http://secunia.com/advisories/20089 http://securityreason.com/securityalert/905 http://www.osvdb.org/25521 http://www.securityfocus.com/archive/1/433938/100/0/threaded http://www.securityfocus.com/bid/17966 http://www.vupen.com/english/advisories/2006/1802 https://exchange.xforce.ibmcloud.com/vulnerabilities/26434 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 45EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://e107.org/comment.php?comment.news.776 http://secunia.com/advisories/18816 http://www.securityfocus.com/bid/16614 http://www.vupen.com/english/advisories/2006/0540 https://exchange.xforce.ibmcloud.com/vulnerabilities/24625 •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 2

ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. • https://www.exploit-db.com/exploits/704 http://e107.org/comment.php?comment.news.672 http://secunia.com/advisories/13657 http://securitytracker.com/id?1012657 http://www.osvdb.org/12586 http://www.securityfocus.com/bid/12111 https://exchange.xforce.ibmcloud.com/vulnerabilities/18670 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 1

Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. • https://www.exploit-db.com/exploits/24138 http://marc.info/?l=bugtraq&m=108515632622796&w=2 http://secunia.com/advisories/11693 http://www.osvdb.org/6345 http://www.securityfocus.com/bid/10395 https://exchange.xforce.ibmcloud.com/vulnerabilities/16231 •