e107 version 0.6 is susceptible to a voting manipulation flaw in rate.php.
95e0984c729ea5ba5d733100805fd95305beec52393b661132040af4778c98bbSecunia Security Advisory - Jerome Athias has discovered a vulnerability in the my_gallery plugin for e107, which can be exploited by malicious people to disclose sensitive information.
7af64c9a35da86dd67b2ca3d3708ec2465563126c05fad2b3cc3645da01c62a4The e107 My_Gallery plugin version 2.3 suffers from an arbitrary file download vulnerability.
2ef4312d97e534f6c07bbe36d7a3a2078377c54b2fcec8d9d17470dfdfafce4be107 versions 0.7.8 and below suffer from an arbitrary file upload vulnerability where it lacks validation of a files contents when uploaded, allowing for php code to be uploaded as an image, etc.
aa50d2197930982bc4bc6a785f17fb6c9451ead90d85aa3a6e6c19c2d2944af6E107 version 0.7.8 access escalation overwrite exploit.
e158f41d28fd26a0383fd8903e47eedbe5ba168c32616fbe60b32a8d820107ade107 version 0.7.5 suffers from SQL injection flaws in the admin section.
674c4b1311e6f34997407822f1ac1ed8a176c8ef211d308d077c44d96cd5202ae107 versions 0.75 and below GLOBALS[] overwrite/Zend_Hash_Del_Key_Or_Index remote command execution exploit.
2a2104f4d8276945c201078b7353259c08bc03ee77385661a195fda93688fe0ce107 version 0.7.5 is susceptible to a cross site scripting flaw.
03404386cfb9ac4d31fede7cbce958e3d15fc1dfff9727a548d3989443d0a841Secunia Security Advisory - Some vulnerabilities have been reported in e107, which can be exploited by malicious people to conduct SQL injection attacks.
38143ffae26adb1480dacbd6f5b3acf24f769d3d01d9eb7c3222394125a220e1e107 CMS versions 0.7.2 and below suffer from a SQL injection vulnerability during cookie processing.
8617e73ab061bd89bab2169af72c7e7eb60ddb9639bee6f4faabd4c73f32e1feSecunia Security Advisory - socsam has discovered a vulnerability in e107, which can be exploited by malicious people to conduct SQL injection attacks.
ee309b630094e49137a5650628771a67d3e75ade6847ab23a79fb704151ca9d6Secunia Security Advisory - Some vulnerabilities have been reported in e107, which can be exploited by malicious people to conduct script insertion attacks.
82d78ce81ea9e26ab440b4da1220a45985ad697316596bfdc3153baab9a78a81A group of Stanford researchers have discovered 99 vulnerabilities when auditing e107 version 0.7, myBloggie version 2.1.3beta, utopia NewPro version 1.1.4, DCP Portal version 6.1.1, and PHP Webthings version 1.4. They have not released exploitation information, however.
9f4befbadd47367ea11c650c514480272ba50d6d8d9f8494e5e8c9df32678f71Secunia Security Advisory - Marc Ruef has reported two weakness in e107, which potentially can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct phishing attacks.
1a7081e46d391e33b304342b553092390d48b8b360f9b62010d4afcedeacaa12Secunia Security Advisory - rgod has reported a vulnerability in e107, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
be86a473f1d2c75aedfd65735c52de105459b9217f51d1154121e2e1b2d7e25de107 content management system versions 0.617, 0.6171, 0.6172 resetcore.php utility SQL Injection, login bypass, remote code execution, and cross site scripting exploit.
4ca6f9a0dff81c384f644a6d180792da376a530181b5b35ff06c8f4bc10d5a0be107 version 0.6 has an input validation flaw in forum_post.php that allows attackers the ability to create topics in non-existing forums.
54ebb505ef7de3a47c44cc973d59da1fe31893292a35300fb1af1a1046ebe05eMultiple vulnerabilities have been discovered in various CMS and forum software. e107 suffers from a cross site scripting flaw, Wordpress suffers from a SQL injection flaw, PHPNews suffers from a remote inclusion flaw, phpBB suffers from a SQL injection flaw, Google suffers from a SQL injection flaw, and myspace.com suffers from a user profile defacement flaw. Oh.. and UBB 6.3.2 suffers from a remote code execution flaw.
9a74fd1c631bb86cd84d03df760f1891aba24c8535b0f1c98d23a917eb38b163Secunia Security Advisory - edward11 has discovered a vulnerability in e107, which can be exploited by malicious people to conduct script insertion attacks.
91e51405ca1665abc2031c56de1e7821cf8073e1decb3224dda63a9461789ffcePing is a ping utility plugin for e107, a PHP-based content management system that uses a MySQL backend database. ePing versions 1.02 and prior are vulnerable to a file creation vulnerability caused by improper validation of user-supplied input in the doping.php script.
9d4ba242da284f3dcab0ba39bddde39831b135ee0f0ebb6405d8d419c281ce47e107 version 0.617 suffers from directory traversal and SQL injection vulnerabilities.
ef2b5c85153677f18bc3f8e720dd636c90ace7a8112dacdd3e4cfcb88ea2d29deping, the ping plugin for the e107 portal system, has an arbitrary command execution flaw.
845adfe9242d7a064e1e16d1b6b9f3fd4c4f83cdc31db34ce6a9568eba3dfe44Secunia Security Advisory - Marc Ruef has discovered a weakness in e107, which can be exploited by malicious people to identify valid administrator accounts.
4d0ba5592426143b74204360543ad893392f0814348fa1142ae1c7deaa58ff2cSecunia Security Advisory - m00fd1 has reported a vulnerability in the ePing plugin for e107, which can be exploited by malicious people to compromise a vulnerable system.
4645daa520da1bef7026668b622d8ef5ca20ca9aa2e0842aef648c46777d6460Secunia Security Advisory - Oliver has reported a vulnerability in the eTrace plugin for e107, which can be exploited by malicious people to compromise a vulnerable system.
5c02a59696f685474a155e0f8b8873280d5558f400a75cc4e10ee386d12c81eaSecunia Security Advisory - Heintz has reported some vulnerabilities in e107, which can be exploited by malicious people to disclose sensitive information, conduct SQL injection attacks, and potentially bypass certain security restrictions and compromise a vulnerable system.
53b3628c4f1e5ac1d198dbe87800d2b762e1b4548915300919a7dc856652489e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed