Page 9 of 55 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php. • http://e107.org/e107_plugins/bugtrack/bugtrack.php?1625.show http://secunia.com/advisories/17890 http://www.securityfocus.com/archive/1/418577/100/0/threaded http://www.securityfocus.com/bid/15748 •

CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1

e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site. • http://secunia.com/advisories/17890 http://securityreason.com/securityalert/229 http://www.securityfocus.com/archive/1/418577/100/0/threaded •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 2

SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. • http://e107.org/news.php http://marc.info/?l=bugtraq&m=112967223222966&w=2 http://secunia.com/advisories/17237 http://securitytracker.com/id?1015069 http://www.osvdb.org/20070 http://www.securityfocus.com/bid/15125 https://exchange.xforce.ibmcloud.com/vulnerabilities/22780 •

CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0

forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. • http://marc.info/?l=bugtraq&m=112544896117131&w=2 http://www.securityfocus.com/bid/14699 https://exchange.xforce.ibmcloud.com/vulnerabilities/22059 •

CVSS: 4.3EPSS: 0%CPEs: 37EXPL: 2

Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. Vulnerabilidad de secuencia de comandos en sitios cruzados en e107 0.617 y anteriores permite que atacantes remotos inyecten script web arbitrario o HTML mediante tags anidadas " [URL]BBCode". • https://www.exploit-db.com/exploits/1106 http://securitytracker.com/id?1014513 •