This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:e107:e107:0.616

Detail
Vendor: e107
Product: e107
Version: 0.616
Type: Application
First view: 2004-12-31
Last view: 2012-02-14
Edition:
Language:
Update:

CPE Product: cpe:/a:e107:e107

Activity : Overall

Related : CVE

 Date Alert Access Vector Access Complexity Authentication
6 2012-02-14 CVE-2010-5084 Network Medium Requires ...
7.5 2011-11-04 CVE-2011-1513 Network Low None Requ...
4.3 2011-03-15 CVE-2011-0457 Network Medium None Requ...
4.3 2011-03-15 CVE-2010-4757 Network Medium None Requ...
7.5 2010-05-27 CVE-2010-2099 Network Low None Requ...
7.5 2010-05-27 CVE-2010-2098 Network Low None Requ...
6 2010-04-20 CVE-2010-0996 Network Medium Requires ...
7.5 2009-11-29 CVE-2009-4084 Network Low None Requ...
4.3 2009-11-29 CVE-2009-4083 Network Medium None Requ...
4.3 2009-09-28 CVE-2009-3444 Network Medium None Requ...
5.1 2009-04-24 CVE-2009-1409 Network High None Requ...
6.5 2008-12-03 CVE-2008-5320 Network Low Requires ...
4.6 2006-09-13 CVE-2006-4757 Network High Requires ...
4.3 2006-06-27 CVE-2006-3259 Network Medium None Requ...
5.1 2006-05-16 CVE-2006-2416 Network High None Requ...
4.3 2006-02-14 CVE-2006-0682 Network Medium None Requ...
5 2005-09-06 CVE-2005-2805 Network Low None Requ...
4.3 2005-07-20 CVE-2005-2327 Network Medium None Requ...
5 2004-12-31 CVE-2004-2262 Network Low None Requ...

CWE : Common Weakness Enumeration

% id Name
36% (4) CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('...
36% (4) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
9% (1) CWE-352 Cross-Site Request Forgery (CSRF)
9% (1) CWE-264 Permissions, Privileges, and Access Controls
9% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs
CAPEC-122 Exploitation of Authorization

Open Source Vulnerability Database (OSVDB)

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
id Description
77042 e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
67367 e107 submitnews.php submitnews_title Parameter XSS
65243 e107 bbcode/php.bb Access Control Check Weakness Arbitrary PHP Code Execution
65056 e107 usersettings.php loginname Parameter Blacklist Weakness SQL Injection
63910 e107 Crafted .php.filetypesphp Image File Upload Arbitrary PHP Code Execution
60829 e107 e107_admin/mailout.php Unspecified Parameter XSS
60828 e107 e107_admin/links.php Unspecified Parameter XSS
60827 e107 e107_admin/frontpage.php Unspecified Parameter XSS
60826 e107 e107_admin/users_extended.php Unspecified Parameter XSS
60825 e107 e107_admin/download.php Unspecified Parameter XSS
60824 e107 e107_admin/cpage.php Unspecified Parameter XSS
60823 e107 e107_admin/banner.php Unspecified Parameter XSS
60822 e107 e107_admin/banlist.php Unspecified Parameter XSS
60821 e107 e107_admin/newpost.php Unspecified Parameter XSS
60820 e107 e107_admin/usersettings.php Unspecified Parameter XSS
60819 e107 e107_admin/submitnews.php Unspecified Parameter XSS
60608 e107 Search Feature Unspecified SQL Injection
58363 e107 email.php HTTP Referer Header XSS
53812 e107 usersettings.php hide Parameter SQL Injection
49207 e107 usersettings.php ue[] Array Parameter SQL Injection
30039 e107 download.php download_category_class Parameter SQL Injection
30038 e107 users.php searchquery Parameter SQL Injection
30037 e107 links.php Multiple Parameter SQL Injection
26685 e107 Comment Post Subject Field XSS
26684 e107 search.php Multiple Parameter XSS

Milw0rm Exploits

id Description
2009-04-20 e107 <= 0.7.15 (extended_user_fields) Blind SQL Injection Exploit
2008-10-19 e107 <= 0.7.13 (usersettings.php) Blind SQL Injection Exploit
2005-07-14 e107 <= 0.617 XSS Remote Cookie Disclosure Exploit
2004-12-22 e107 include() Remote Exploit

OpenVAS Exploits

id Description
2010-05-25 Name : e107 BBCode Arbitrary PHP Code Execution Vulnerability
File : nvt/gb_e107_40252.nasl
2010-05-04 Name : FreeBSD Ports: e107
File : nvt/freebsd_e107.nasl
2009-10-08 Name : e107 'Referer' Header Cross-Site Scripting Vulnerability
File : nvt/gb_e107_referer_xss_vuln.nasl

Nessus® Vulnerability Scanner

id Description
2013-01-28 Name : The remote web server contains a PHP script that allows for arbitrary file up...
File : e107_unauthorized_file_upload.nasl - Type : ACT_DESTRUCTIVE_ATTACK
2010-05-21 Name : The remote web server contains a PHP script that allows arbitrary code execut...
File : e107_bbcode_php_code_execution.nasl - Type : ACT_ATTACK
2010-04-21 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a4746a864c8911df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO
2009-12-10 Name : A PHP script on the remote web server is affected by a cross-site scripting v...
File : e107_submitnews_xss.nasl - Type : ACT_ATTACK
2006-05-15 Name : The remote web server contains a PHP script that is affected by a SQL injecti...
File : e107_cookie_sql_injection.nasl - Type : ACT_ATTACK