This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:e107:e107:0.615a
Detail
Vendore107First view 2004-05-21
Producte107Last view2014-07-21
Version0.615aTypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:e107:e107

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
4.32014-07-21CVE-2014-4734NetworkMediumNone Requ...
4.32014-01-22CVE-2013-7305NetworkMediumNone Requ...
4.32014-01-22CVE-2013-2750NetworkMediumNone Requ...
62012-02-14CVE-2010-5084NetworkMediumRequires ...
7.52011-11-04CVE-2011-1513NetworkLowNone Requ...
Hide | Show 17 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
4.32011-03-15CVE-2011-0457NetworkMediumNone Requ...
4.32011-03-15CVE-2010-4757NetworkMediumNone Requ...
7.52010-05-27CVE-2010-2099NetworkLowNone Requ...
7.52010-05-27CVE-2010-2098NetworkLowNone Requ...
62010-04-20CVE-2010-0996NetworkMediumRequires ...
7.52009-11-29CVE-2009-4084NetworkLowNone Requ...
4.32009-11-29CVE-2009-4083NetworkMediumNone Requ...
4.32009-09-28CVE-2009-3444NetworkMediumNone Requ...
5.12009-04-24CVE-2009-1409NetworkHighNone Requ...
6.52008-12-03CVE-2008-5320NetworkLowRequires ...
4.62006-09-13CVE-2006-4757NetworkHighRequires ...
4.32006-06-27CVE-2006-3259NetworkMediumNone Requ...
4.32006-02-14CVE-2006-0682NetworkMediumNone Requ...
4.32005-07-20CVE-2005-2327NetworkMediumNone Requ...
52004-12-31CVE-2004-2262NetworkLowNone Requ...
7.52004-05-29CVE-2004-2042NetworkLowNone Requ...
4.32004-05-21CVE-2004-2031NetworkMediumNone Requ...

CWE : Common Weakness Enumeration

%idName
46% (6)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
23% (3)CWE-89Improper Sanitization of Special Elements used in an SQL Command ('...
7% (1)CWE-352Cross-Site Request Forgery (CSRF)
7% (1)CWE-264Permissions, Privileges, and Access Controls
7% (1)CWE-255Credentials Management
Hide | Show 1 More...
%idName
7% (1)CWE-78Improper Sanitization of Special Elements used in an OS Command ('O...

CAPEC : Common Attack Pattern Enumeration & Classification

idName
CAPEC-1Accessing Functionality Not Properly Constrained by ACLs
CAPEC-122Exploitation of Authorization

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
77042e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
67367e107 submitnews.php submitnews_title Parameter XSS
65243e107 bbcode/php.bb Access Control Check Weakness Arbitrary PHP Code Execution
65056e107 usersettings.php loginname Parameter Blacklist Weakness SQL Injection
63910e107 Crafted .php.filetypesphp Image File Upload Arbitrary PHP Code Execution
Hide | Show 20 More...
idDescription
60829e107 e107_admin/mailout.php Unspecified Parameter XSS
60828e107 e107_admin/links.php Unspecified Parameter XSS
60827e107 e107_admin/frontpage.php Unspecified Parameter XSS
60826e107 e107_admin/users_extended.php Unspecified Parameter XSS
60825e107 e107_admin/download.php Unspecified Parameter XSS
60824e107 e107_admin/cpage.php Unspecified Parameter XSS
60823e107 e107_admin/banner.php Unspecified Parameter XSS
60822e107 e107_admin/banlist.php Unspecified Parameter XSS
60821e107 e107_admin/newpost.php Unspecified Parameter XSS
60820e107 e107_admin/usersettings.php Unspecified Parameter XSS
60819e107 e107_admin/submitnews.php Unspecified Parameter XSS
60608e107 Search Feature Unspecified SQL Injection
58363e107 email.php HTTP Referer Header XSS
53812e107 usersettings.php hide Parameter SQL Injection
49207e107 usersettings.php ue[] Array Parameter SQL Injection
30039e107 download.php download_category_class Parameter SQL Injection
30038e107 users.php searchquery Parameter SQL Injection
30037e107 links.php Multiple Parameter SQL Injection
26685e107 Comment Post Subject Field XSS
26684e107 search.php Multiple Parameter XSS

Milw0rm Exploits

idDescription
2009-04-20e107 <= 0.7.15 (extended_user_fields) Blind SQL Injection Exploit
2008-10-19e107 <= 0.7.13 (usersettings.php) Blind SQL Injection Exploit
2005-07-14e107 <= 0.617 XSS Remote Cookie Disclosure Exploit
2004-12-22e107 include() Remote Exploit

OpenVAS Exploits

idDescription
2010-05-25Name : e107 BBCode Arbitrary PHP Code Execution Vulnerability
File : nvt/gb_e107_40252.nasl
2010-05-04Name : FreeBSD Ports: e107
File : nvt/freebsd_e107.nasl
2009-10-08Name : e107 'Referer' Header Cross-Site Scripting Vulnerability
File : nvt/gb_e107_referer_xss_vuln.nasl

Nessus® Vulnerability Scanner

idDescription
2013-05-13Name : The remote web server hosts a PHP script that is affected by a cross-site scr...
File : e107_content_preset_xss.nasl - Type : ACT_ATTACK
2013-01-28Name : The remote web server contains a PHP script that allows for arbitrary file up...
File : e107_unauthorized_file_upload.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2010-05-21Name : The remote web server contains a PHP script that allows arbitrary code execut...
File : e107_bbcode_php_code_execution.nasl - Type : ACT_ATTACK
2010-04-21Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a4746a864c8911df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO
2009-12-10Name : A PHP script on the remote web server is affected by a cross-site scripting v...
File : e107_submitnews_xss.nasl - Type : ACT_ATTACK