CVSS: 4.3EPSS: 2%CPEs: 2EXPL: 4CVE-2004-2040 – e107 website system 0.6 - 'email article to a friend' Feature Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2004-2040
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. • https://www.exploit-db.com/exploits/24154 https://www.exploit-db.com/exploits/24153 http://marc.info/?l=bugtraq&m=108588043007224&w=2 http://marc.info/?l=full-disclosure&m=108586723116427&w=2 http://secunia.com/advisories/11740 http://www.osvdb.org/6526 http://www.osvdb.org/6527 http://www.osvdb.org/6528 http://www.osvdb.org/6529 http://www.securityfocus.com/bid/10436 http://www.waraxe.us/index.php?modname=sa&id=31 https://exchange.xforce.ibmclo •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 5CVE-2004-2042
https://notcve.org/view.php?id=CVE-2004-2042
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php. • http://marc.info/?l=bugtraq&m=108588043007224&w=2 http://marc.info/?l=full-disclosure&m=108586723116427&w=2 http://secunia.com/advisories/11740 http://www.osvdb.org/6531 http://www.osvdb.org/6532 http://www.osvdb.org/6533 http://www.securityfocus.com/bid/10436 http://www.waraxe.us/index.php?modname=sa&id=31 https://exchange.xforce.ibmcloud.com/vulnerabilities/16283 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 3CVE-2004-2039
https://notcve.org/view.php?id=CVE-2004-2039
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message. • http://marc.info/?l=bugtraq&m=108588043007224&w=2 http://marc.info/?l=full-disclosure&m=108586723116427&w=2 http://secunia.com/advisories/11740 http://www.osvdb.org/6525 http://www.securityfocus.com/bid/10436 http://www.waraxe.us/index.php?modname=sa&id=31 https://exchange.xforce.ibmcloud.com/vulnerabilities/16277 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2CVE-2004-2041
https://notcve.org/view.php?id=CVE-2004-2041
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. • http://marc.info/?l=bugtraq&m=108588043007224&w=2 http://marc.info/?l=full-disclosure&m=108586723116427&w=2 http://secunia.com/advisories/11740 http://www.osvdb.org/6530 http://www.securityfocus.com/bid/10436 http://www.waraxe.us/index.php?modname=sa&id=31 https://exchange.xforce.ibmcloud.com/vulnerabilities/16282 •
CVSS: 4.3EPSS: 1%CPEs: 11EXPL: 2CVE-2004-2031
https://notcve.org/view.php?id=CVE-2004-2031
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. • http://marc.info/?l=bugtraq&m=108541119526279&w=2 http://secunia.com/advisories/11696 http://www.osvdb.org/6410 http://www.securityfocus.com/bid/10405 https://exchange.xforce.ibmcloud.com/vulnerabilities/16241 •