CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2590
https://notcve.org/view.php?id=CVE-2006-2590
25 May 2006 — SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. • http://e107.org/comment.php?comment.news.788 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2006-2591
https://notcve.org/view.php?id=CVE-2006-2591
25 May 2006 — Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". • http://e107.org/comment.php?comment.news.788 •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2006-2416
https://notcve.org/view.php?id=CVE-2006-2416
16 May 2006 — SQL injection vulnerability in class2.php in e107 0.7.2 and earlier allows remote attackers to execute arbitrary SQL commands via a cookie as defined in $pref['cookie_name']. • http://secunia.com/advisories/20089 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2006-0857 – E107 Website System 0.7.2 Chatbox Plugin - HTML Injection
https://notcve.org/view.php?id=CVE-2006-0857
23 Feb 2006 — Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. • https://www.exploit-db.com/exploits/27247 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 45EXPL: 0CVE-2006-0682
https://notcve.org/view.php?id=CVE-2006-0682
15 Feb 2006 — Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system in e107 before 0.7.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. • http://e107.org/comment.php?comment.news.776 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2005-4224
https://notcve.org/view.php?id=CVE-2005-4224
14 Dec 2005 — Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php. • http://glide.stanford.edu/yichen/research/sec.pdf •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2005-4051
https://notcve.org/view.php?id=CVE-2005-4051
07 Dec 2005 — e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php. • http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2005-4052
https://notcve.org/view.php?id=CVE-2005-4052
07 Dec 2005 — e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site. • http://secunia.com/advisories/17890 •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3594
https://notcve.org/view.php?id=CVE-2005-3594
16 Nov 2005 — game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. • http://marc.info/?l=bugtraq&m=113141422014568&w=2 •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 2CVE-2005-3521
https://notcve.org/view.php?id=CVE-2005-3521
06 Nov 2005 — SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. • http://e107.org/news.php •