976 matches found
CVE-2004-2031
Cross-site scripting XSS vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the 1 URL, 2 MSN, or 3 AIM fields...
CVE-2004-2028
Cross-site scripting XSS vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php...
e107 Website System 0.50.6 - Log.php HTML Injection
e107 Website System 0.50.6 - Log.php HTML Injection source: https://www.securityfocus.com/bid/10395/info It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input. The probl...
e107 Website System 0.5/0.6 - 'Log.php' HTML Injection
source: https://www.securityfocus.com/bid/10395/info It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input. The problem presents itself when a user supplies malicious HT...
XSS in e107 forum
Существует возможность вставки произвольного HTML код в тело сообщения. Удаленный атакующий может вставить специально отформатированный BB тэг bbcode , чтобы заставить форум отобразить произвольный код сценария в браузере пользователя, просматривающего злонамеренное сообщение. При желании, укорот...
XSS в разных форумах
Здравствуйте, 3APA3A. играясь с е107 обнаружил следующее: forum проверено на версии 6.12 возможность вставки BBCode URL=http://some.url"style="position:absolute;left:220px;top:10px;"size=14test /size/URL проверенный:...
E107 DoS vulnerability
Program: E107 www.e107.org Versions: 0.545 & 0.603 tested, below may also be vulnerable Synopsis: Tagboard Denial of Service vulnerability system wide Security Risk: Medium It's a system wide DoS Author: Blademaster [email protected] www.hackingheaven.com URL:...
CVE-2003-1191
chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a denial of service pages fail to load via HTML in the Name field, which prevents the main.php form from being loaded...
E107 - Chatbox.php Denial of Service
E107 - Chatbox.php Denial of Service source: https://www.securityfocus.com/bid/8930/info It has been reported that E107 may be prone to a denial of service vulnerability. The issue has been reported to exist due to improper handling of user-supplied data in the form of HTML or script code to the...
E107 - 'Chatbox.php' Denial of Service
source: https://www.securityfocus.com/bid/8930/info It has been reported that E107 may be prone to a denial of service vulnerability. The issue has been reported to exist due to improper handling of user-supplied data in the form of HTML or script code to the 'Name:' field of Chatbox.php script...
e107 Website System 0.554 - HTML Injection
e107 Website System 0.554 - HTML Injection source: https://www.securityfocus.com/bid/8279/info The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and scri...
e107 Website System 0.554 - HTML Injection
source: https://www.securityfocus.com/bid/8279/info The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and script code in certain fields within the form...
e107 website system Vulnerability
Informations : Advisory Name: e107 website system Vulnerability Author: hiruvim [email protected] Discover by: hiruvim [email protected] Website vendor : http://e107.org Affected Systems: All versions Severity: High Platforms: Windows and Unix Issue: Security holes enable attackers to get MySQL...
e107 Website System 0.555 - db.php Information Disclosure
e107 Website System 0.555 - db.php Information Disclosure source: https://www.securityfocus.com/bid/8273/info e107 Website System 'db.php' has been reported prone to an information disclosure vulnerability. A remote attacker may exploit this vulnerability to invoke the dumpsql routine without pri...
e107 db.php User Database Disclosure
The version of e107 installed on the remote host is affected by an information disclosure vulnerability because of a flaw in the 'admin/db.php' script. This can allow an unauthenticated, remote attacker to obtain a dump of the SQL database used by e107, by sending a specially crafted request. An...
e107 Website System 0.555 - 'db.php' Information Disclosure
source: https://www.securityfocus.com/bid/8273/info e107 Website System 'db.php' has been reported prone to an information disclosure vulnerability. A remote attacker may exploit this vulnerability to invoke the dumpsql routine without prior authentication. Information returned to the attacker ma...