what you don't know can hurt you
Showing 1 - 1 of 1 RSS Feed

Files

e107 Content Management Plugin Script Insertion
Posted Apr 19, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "content_heading" parameter to 107_plugins/content/content_manager.php while creating new content is not properly sanitized before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires authentication and that the Content Management plugin is enabled. e107 version 0.7.19 is affected.

tags | advisory, arbitrary, php
advisories | CVE-2010-0997
MD5 | 21941275e3cabe72984dab9134b3fb89
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
US Telcos Say They Stopped Selling User Location Data, With A Few Exceptions
Posted May 16, 2019

tags | headline, privacy, phone, data loss, fraud
ARIN Recovers 735,000 Fraudulently Obtained IPv4 Addresses
Posted May 16, 2019

tags | headline, fraud
GozNym Bank Malware Gang That Stole Millions Busted
Posted May 16, 2019

tags | headline, hacker, malware, bank, cybercrime, fraud
Cisco / WebEx Flaws Offer Up Remote Code Execution
Posted May 16, 2019

tags | headline, hacker, flaw, cisco
Hackers Interrupt Israeli Eurovision Webcast With Fake Explosions
Posted May 15, 2019

tags | headline, hacker, israel
Plane Radio Navigation For Landing Is Insecure And Can Be Hacked
Posted May 15, 2019

tags | headline, hacker, flaw, terror
Microsoft Warns Wormable Windows Bug Could Lead To Another WannaCry
Posted May 15, 2019

tags | headline, microsoft, flaw, patch
UK Hacking Powers Can Be Challenged In Court, Judge Rules
Posted May 15, 2019

tags | headline, government, britain, spyware
WhatsApp To Refer Security Breach To U.S. Authorities
Posted May 14, 2019

tags | headline, privacy, malware, phone, data loss, facebook
SilverTerrier Cybergang Evolving New Techniques For BEC Scams
Posted May 14, 2019

tags | headline, malware, cybercrime, fraud
View More News →
packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close