9 matches found
EUVD-2006-3256
Malware in sbrugna...
EUVD-2006-4744
Malware in sbrugna...
CVE-2006-4794
Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...
CVE-2006-4794
Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...
CVE-2006-4794
CVE-2006-4794 describes multiple XSS vulnerabilities in e107 0.7.5 via the PATH_INFO query string in numerous PHP pages (contact.php, download.php, admin.php, etc.). Connected records indicate a broader XSS family affecting e107 0.7.16 and earlier (admin/ and related files such as submitnews.php,...
CVE-2006-4757
Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the 1 linkopentype, 2 linkrender, 3 linkclass, and 4 linkid parameters in a links.php; the 5 searchquery parameter in b users.php; and th...
CVE-2006-4757
CVE-2006-4757 affects the e107 CMS version 0.7.5. The vulnerability is described as multiple SQL injection flaws in the admin section, enabling remote authenticated administrative users to execute arbitrary SQL commands via the following parameters: (1) linkopentype, (2) linkrender, (3) link_clas...
Sql injections in e107 [Admin section]
Hi, There are several sql injections in e107 0.7.5 admin section : I The "linkopentype", "linkrender" and "linkclass" parameters are passed to "dbInsert" function without checking : File /e107admin/links.php, Line 496 : $sql-dbInsert"links", "0, '$linkname', '$linkurl', '$linkdescription',...
Code injection
Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit"...