exploit the possibilities
Showing 1 - 1 of 1 RSS Feed

Files

e107 Content Management Plugin Script Insertion
Posted Apr 19, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "content_heading" parameter to 107_plugins/content/content_manager.php while creating new content is not properly sanitized before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires authentication and that the Content Management plugin is enabled. e107 version 0.7.19 is affected.

tags | advisory, arbitrary, php
advisories | CVE-2010-0997
MD5 | 21941275e3cabe72984dab9134b3fb89
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Facebook Tackles Russians Making Fake News Stories
Posted Jan 17, 2019

tags | headline, government, usa, russia, fraud, cyberwar, facebook
Shareholders Demand Amazon End Facial Recognition Sales To Government
Posted Jan 17, 2019

tags | headline, government, privacy, usa, amazon
Two Ukrainians Charged With 2016 Hack Of SEC
Posted Jan 16, 2019

tags | headline, hacker, government, usa, cybercrime, data loss, fraud
NanoCore Trojan Is Protected In Memory From Being Killed Off
Posted Jan 16, 2019

tags | headline, malware, trojan
Fortnite Security Issue Would Have Granted Hackers Access To Accounts
Posted Jan 16, 2019

tags | headline, hacker, privacy, flaw, password
Yes, You Can Remotely Hack Factory, Building Site Cranes. Wait, What?
Posted Jan 16, 2019

tags | headline, hacker, flaw, scada
PoC For Windows VCF Zero-Day Published Online
Posted Jan 16, 2019

tags | headline, hacker, microsoft, flaw
Huawei Founder Denies Firm Poses Spying Risk
Posted Jan 15, 2019

tags | headline, government, usa, china, spyware, backdoor
Judge Rules Against Compelled Use Of Biometrics
Posted Jan 15, 2019

tags | headline, government, privacy, usa, phone, science
Tesla's Software Bug Bounty Is Going To The Big Leagues With Pwn2Own
Posted Jan 15, 2019

tags | headline, conference
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close