Summary
The remote host is missing an update to the system as announced in the referenced advisory.
Solution
Update your system with the appropriate patches or software upgrades.
http://e107.org/comment.php?comment.news.864
http://secunia.com/secunia_research/2010-43/
http://secunia.com/secunia_research/2010-44/
http://xforce.iss.net/xforce/xfdb/57932
http://www.vuxml.org/freebsd/a4746a86-4c89-11df-83fb-0015587e2cc1.html
Insight
The following package is affected: e107
CVE-2010-0996
Unrestricted file upload vulnerability in e107 before 0.7.20 allows remote authenticated users to execute arbitrary code by uploading a .php.filetypesphp file. NOTE: the vendor disputes the significance of this issue, noting that 'an odd set of preferences and a missing file' are required.
CVE-2010-0997
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
Severity
Classification
CVE: CVE-2010-0996, CVE-2010-0997
CVSS Base Score: 6.0
AV:N/AC:M/Au:S/C:P/I:P/A:P
Related Vulnerabilities