This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Summuary | |
|---|---|
| CPE Name | cpe:/a:e107:e107:0.615a |
| Detail | |||
|---|---|---|---|
| Vendor | e107 | First view | 2004-05-21 |
| Product | e107 | Last view | 2012-02-14 |
| Version | 0.615a | Type | Application |
| Edition | |||
| Language | |||
| Update | |||
| CPE Product | cpe:/a:e107:e107 | ||
Activity : Overall
Related : CVE
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 6 | 2012-02-14 | CVE-2010-5084 | Network | Medium | Requires ... | |
| 7.5 | 2011-11-04 | CVE-2011-1513 | Network | Low | None Requ... | |
| 4.3 | 2011-03-15 | CVE-2011-0457 | Network | Medium | None Requ... | |
| 4.3 | 2011-03-15 | CVE-2010-4757 | Network | Medium | None Requ... | |
| 7.5 | 2010-05-27 | CVE-2010-2099 | Network | Low | None Requ... | |
| Date | Alert | Access Vector | Access Complexity | Authentication | ||
|---|---|---|---|---|---|---|
| 7.5 | 2010-05-27 | CVE-2010-2098 | Network | Low | None Requ... | |
| 6 | 2010-04-20 | CVE-2010-0996 | Network | Medium | Requires ... | |
| 7.5 | 2009-11-29 | CVE-2009-4084 | Network | Low | None Requ... | |
| 4.3 | 2009-11-29 | CVE-2009-4083 | Network | Medium | None Requ... | |
| 4.3 | 2009-09-28 | CVE-2009-3444 | Network | Medium | None Requ... | |
| 5.1 | 2009-04-24 | CVE-2009-1409 | Network | High | None Requ... | |
| 6.5 | 2008-12-03 | CVE-2008-5320 | Network | Low | Requires ... | |
| 4.6 | 2006-09-13 | CVE-2006-4757 | Network | High | Requires ... | |
| 4.3 | 2006-06-27 | CVE-2006-3259 | Network | Medium | None Requ... | |
| 4.3 | 2006-02-14 | CVE-2006-0682 | Network | Medium | None Requ... | |
| 4.3 | 2005-07-20 | CVE-2005-2327 | Network | Medium | None Requ... | |
| 5 | 2004-12-31 | CVE-2004-2262 | Network | Low | None Requ... | |
| 7.5 | 2004-05-29 | CVE-2004-2042 | Network | Low | None Requ... | |
| 4.3 | 2004-05-21 | CVE-2004-2031 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 30% (3) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 10% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 10% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
| 10% (1) | CWE-78 | Improper Sanitization of Special Elements used in an OS Command ('O... |
CAPEC : Common Attack Pattern Enumeration & Classification
| id | Name |
|---|---|
| CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
| CAPEC-122 | Exploitation of Authorization |
Open Source Vulnerability Database (OSVDB)
This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
| id | Description |
|---|---|
| 77042 | e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution |
| 67367 | e107 submitnews.php submitnews_title Parameter XSS |
| 65243 | e107 bbcode/php.bb Access Control Check Weakness Arbitrary PHP Code Execution |
| 65056 | e107 usersettings.php loginname Parameter Blacklist Weakness SQL Injection |
| 63910 | e107 Crafted .php.filetypesphp Image File Upload Arbitrary PHP Code Execution |
| id | Description |
|---|---|
| 60829 | e107 e107_admin/mailout.php Unspecified Parameter XSS |
| 60828 | e107 e107_admin/links.php Unspecified Parameter XSS |
| 60827 | e107 e107_admin/frontpage.php Unspecified Parameter XSS |
| 60826 | e107 e107_admin/users_extended.php Unspecified Parameter XSS |
| 60825 | e107 e107_admin/download.php Unspecified Parameter XSS |
| 60824 | e107 e107_admin/cpage.php Unspecified Parameter XSS |
| 60823 | e107 e107_admin/banner.php Unspecified Parameter XSS |
| 60822 | e107 e107_admin/banlist.php Unspecified Parameter XSS |
| 60821 | e107 e107_admin/newpost.php Unspecified Parameter XSS |
| 60820 | e107 e107_admin/usersettings.php Unspecified Parameter XSS |
| 60819 | e107 e107_admin/submitnews.php Unspecified Parameter XSS |
| 60608 | e107 Search Feature Unspecified SQL Injection |
| 58363 | e107 email.php HTTP Referer Header XSS |
| 53812 | e107 usersettings.php hide Parameter SQL Injection |
| 49207 | e107 usersettings.php ue[] Array Parameter SQL Injection |
| 30039 | e107 download.php download_category_class Parameter SQL Injection |
| 30038 | e107 users.php searchquery Parameter SQL Injection |
| 30037 | e107 links.php Multiple Parameter SQL Injection |
| 26685 | e107 Comment Post Subject Field XSS |
| 26684 | e107 search.php Multiple Parameter XSS |
Milw0rm Exploits
| id | Description |
|---|---|
| 2009-04-20 | e107 <= 0.7.15 (extended_user_fields) Blind SQL Injection Exploit |
| 2008-10-19 | e107 <= 0.7.13 (usersettings.php) Blind SQL Injection Exploit |
| 2005-07-14 | e107 <= 0.617 XSS Remote Cookie Disclosure Exploit |
| 2004-12-22 | e107 include() Remote Exploit |
OpenVAS Exploits
| id | Description |
|---|---|
| 2010-05-25 | Name : e107 BBCode Arbitrary PHP Code Execution Vulnerability File : nvt/gb_e107_40252.nasl |
| 2010-05-04 | Name : FreeBSD Ports: e107 File : nvt/freebsd_e107.nasl |
| 2009-10-08 | Name : e107 'Referer' Header Cross-Site Scripting Vulnerability File : nvt/gb_e107_referer_xss_vuln.nasl |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2013-01-28 | Name : The remote web server contains a PHP script that allows for arbitrary file up... File : e107_unauthorized_file_upload.nasl - Type : ACT_DESTRUCTIVE_ATTACK |
| 2010-05-21 | Name : The remote web server contains a PHP script that allows arbitrary code execut... File : e107_bbcode_php_code_execution.nasl - Type : ACT_ATTACK |
| 2010-04-21 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_a4746a864c8911df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO |
| 2009-12-10 | Name : A PHP script on the remote web server is affected by a cross-site scripting v... File : e107_submitnews_xss.nasl - Type : ACT_ATTACK |
