This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:e107:e107:0.7
Detail
Vendore107First view 2005-12-14
Producte107Last view 2012-08-31
Version0.7TypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:e107:e107

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
6.8 2012-08-31 CVE-2011-4947 Network Medium None Requ...
6 2012-02-14 CVE-2010-5084 Network Medium Requires ...
7.5 2011-11-04 CVE-2011-1513 Network Low None Requ...
4.3 2011-03-15 CVE-2011-0457 Network Medium None Requ...
4.3 2011-03-15 CVE-2010-4757 Network Medium None Requ...
Hide | Show 15 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
7.5 2010-05-27 CVE-2010-2099 Network Low None Requ...
7.5 2010-05-27 CVE-2010-2098 Network Low None Requ...
6 2010-04-20 CVE-2010-0996 Network Medium Requires ...
7.5 2009-11-29 CVE-2009-4084 Network Low None Requ...
4.3 2009-11-29 CVE-2009-4083 Network Medium None Requ...
4.3 2009-09-28 CVE-2009-3444 Network Medium None Requ...
5.1 2009-04-24 CVE-2009-1409 Network High None Requ...
6.5 2008-12-03 CVE-2008-5320 Network Low Requires ...
6.8 2007-06-26 CVE-2007-3429 Network Medium None Requ...
4.6 2006-09-13 CVE-2006-4757 Network High Requires ...
7.5 2006-09-05 CVE-2006-4548 Network Low None Requ...
4.3 2006-06-27 CVE-2006-3259 Network Medium None Requ...
5.1 2006-05-16 CVE-2006-2416 Network High None Requ...
4.3 2006-02-14 CVE-2006-0682 Network Medium None Requ...
7.5 2005-12-14 CVE-2005-4224 Network Low None Requ...

CWE : Common Weakness Enumeration

%idName
33% (4)CWE-89Improper Sanitization of Special Elements used in an SQL Command ('...
33% (4)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
16% (2)CWE-352Cross-Site Request Forgery (CSRF)
8% (1)CWE-264Permissions, Privileges, and Access Controls
8% (1)CWE-78Improper Sanitization of Special Elements used in an OS Command ('O...

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
idDescription
77042e107 CMS install_.php MySQL Server Name Parsing Remote PHP Code Execution
67367e107 submitnews.php submitnews_title Parameter XSS
65243e107 bbcode/php.bb Access Control Check Weakness Arbitrary PHP Code Execution
65056e107 usersettings.php loginname Parameter Blacklist Weakness SQL Injection
63910e107 Crafted .php.filetypesphp Image File Upload Arbitrary PHP Code Execution
Hide | Show 20 More...
idDescription
60829e107 e107_admin/mailout.php Unspecified Parameter XSS
60828e107 e107_admin/links.php Unspecified Parameter XSS
60827e107 e107_admin/frontpage.php Unspecified Parameter XSS
60826e107 e107_admin/users_extended.php Unspecified Parameter XSS
60825e107 e107_admin/download.php Unspecified Parameter XSS
60824e107 e107_admin/cpage.php Unspecified Parameter XSS
60823e107 e107_admin/banner.php Unspecified Parameter XSS
60822e107 e107_admin/banlist.php Unspecified Parameter XSS
60821e107 e107_admin/newpost.php Unspecified Parameter XSS
60820e107 e107_admin/usersettings.php Unspecified Parameter XSS
60819e107 e107_admin/submitnews.php Unspecified Parameter XSS
60608e107 Search Feature Unspecified SQL Injection
58363e107 email.php HTTP Referer Header XSS
53812e107 usersettings.php hide Parameter SQL Injection
49207e107 usersettings.php ue[] Array Parameter SQL Injection
45426e107 signup.php Double Extension Unrestricted File Upload Arbitrary Code Exec...
30039e107 download.php download_category_class Parameter SQL Injection
30038e107 users.php searchquery Parameter SQL Injection
30037e107 links.php Multiple Parameter SQL Injection
26685e107 Comment Post Subject Field XSS

Milw0rm Exploits

idDescription
2009-04-20e107 <= 0.7.15 (extended_user_fields) Blind SQL Injection Exploit
2008-10-19e107 <= 0.7.13 (usersettings.php) Blind SQL Injection Exploit
2007-06-24e107 <= 0.7.8 (photograph) Arbitrary File Upload Vulnerability

OpenVAS Exploits

idDescription
2010-05-25Name : e107 BBCode Arbitrary PHP Code Execution Vulnerability
File : nvt/gb_e107_40252.nasl
2010-05-04Name : FreeBSD Ports: e107
File : nvt/freebsd_e107.nasl
2009-10-08Name : e107 'Referer' Header Cross-Site Scripting Vulnerability
File : nvt/gb_e107_referer_xss_vuln.nasl

Nessus® Vulnerability Scanner

idDescription
2010-05-21Name : The remote web server contains a PHP script that allows arbitrary code execut...
File : e107_bbcode_php_code_execution.nasl - Type : ACT_ATTACK
2010-04-21Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_a4746a864c8911df83fb0015587e2cc1.nasl - Type : ACT_GATHER_INFO
2009-12-10Name : A PHP script on the remote web server is affected by a cross-site scripting v...
File : e107_submitnews_xss.nasl - Type : ACT_ATTACK
2006-05-15Name : The remote web server contains a PHP script that is affected by a SQL injecti...
File : e107_cookie_sql_injection.nasl - Type : ACT_ATTACK