CVE-2004-2262 – e107 - 'include()' Remote File Upload
https://notcve.org/view.php?id=CVE-2004-2262
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php. • https://www.exploit-db.com/exploits/704 http://e107.org/comment.php?comment.news.672 http://secunia.com/advisories/13657 http://securitytracker.com/id?1012657 http://www.osvdb.org/12586 http://www.securityfocus.com/bid/12111 https://exchange.xforce.ibmcloud.com/vulnerabilities/18670 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2004-2028 – e107 Website System 0.5/0.6 - 'Log.php' HTML Injection
https://notcve.org/view.php?id=CVE-2004-2028
Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. • https://www.exploit-db.com/exploits/24138 http://marc.info/?l=bugtraq&m=108515632622796&w=2 http://secunia.com/advisories/11693 http://www.osvdb.org/6345 http://www.securityfocus.com/bid/10395 https://exchange.xforce.ibmcloud.com/vulnerabilities/16231 •