Lucene search
+L

115 matches found

Talos
Talos
added 2019/12/02 12:0 a.m.50 views

Forma LMS 2.2.1 ajax.adm_server.php dir parameter SQL injections

Summary Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...

8.8CVSS8.6AI score0.01064EPSS
Exploits1
CNVD
CNVD
added 2015/05/26 12:0 a.m.4 views

Forma Lms SQL Injection Vulnerability

Forma Lms is an open source web-based learning management system LMS. A SQL injection vulnerability exists in Forma Lms, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

8.1AI score
Exploits0References1
exploitpack
exploitpack
added 2015/05/21 12:0 a.m.21 views

Forma LMS 1.3 - Multiple SQL Injections

Forma LMS 1.3 - Multiple SQL Injections Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

Exploits0
Exploit DB
Exploit DB
added 2015/05/21 12:0 a.m.40 views

Forma LMS 1.3 - Multiple SQL Injections

Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-03Formalms.pdf + Info:...

7AI score
Exploits0
Packet Storm
Packet Storm
added 2015/05/18 12:0 a.m.38 views

Forma LMS 1.3 PHP Object Injection

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2015/05/18 12:0 a.m.21 views

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full...

0.5AI score
Exploits0
0day.today
0day.today
added 2015/05/18 12:0 a.m.33 views

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities

Exploit for php platform in category web applications Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2015/05/18 12:0 a.m.32 views

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.81 views

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms

Advisory ID: HTB23226 Product: Forma Lms Vendor: http://www.formalms.org/ Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: November 4, 2014 Public Disclosure: Novemb...

4.3CVSS6.8AI score0.01891EPSS
Exploits2
NVD
NVD
added 2014/11/06 3:55 p.m.28 views

CVE-2014-5257

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

4.3CVSS5.7AI score0.01891EPSS
Exploits2References5
Prion
Prion
added 2014/11/06 3:55 p.m.18 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

4.3CVSS6.1AI score0.01891EPSS
Exploits2References5Affected Software1
Cvelist
Cvelist
added 2014/11/06 3:0 p.m.32 views

CVE-2014-5257

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

5.7AI score0.01891EPSS
Exploits2References5
CVE
CVE
added 2014/11/06 3:0 p.m.46 views

CVE-2014-5257

CVE-2014-5257 affects Forma Lms prior to 1.2.1 p01, with two reflected XSS vulnerabilities in appCore/index.php exploitable via id_custom (amanmenu) and id_game (alms/games/edit). Advisory HTB23226 describes insufficient sanitization leading to arbitrary HTML/script execution in the context of a ...

4.3CVSS5.8AI score0.01891EPSS
Exploits2References5Affected Software1
Packet Storm
Packet Storm
added 2014/11/05 12:0 a.m.55 views

Forma Lms 1.2.1 Cross Site Scripting

Advisory ID: HTB23226 Product: Forma Lms Vendor: http://www.formalms.org/ Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: November 4, 2014 Public Disclosure: Novemb...

4.3CVSS6.7AI score0.01891EPSS
Exploits2
htbridge
htbridge
added 2014/08/06 12:0 a.m.49 views

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms

High-Tech Bridge Security Research Lab discovered two vulnerabilities in Forma Lms, which can be exploited to perform Cross-Site Scripting XSS attacks against vulnerable website. 1 Reflected Cross-Site Scripting XSS in Forma Lms: CVE-2014-5257 1.1 The vulnerability exists due to insufficient...

4.3CVSS6.2AI score0.01891EPSS
Exploits2Affected Software1
Rows per page
Query Builder