21 matches found
EUVD-2019-14675
Malware in sbrugna...
EUVD-2019-14674
Malware in sbrugna...
CVE-2019-5070
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
Epignosis eFront LMS Password Reset authentication bypass vulnerability
Summary A predictable seed vulnerability eixsts in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...
CVE-2019-5069
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
CVE-2019-5070
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
CVE-2019-5070
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
Sql injection
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
Remote code execution
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
CVE-2019-5070
EPIGNOSIS eFront LMS SQL Injection (CVE-2019-5070) affects Epignosis eFront LMS
CVE-2019-5070
An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no...
CVE-2019-5069
Epignosis eFront LMS v5.2.12 is affected by a PHP deserialization code execution vulnerability (CVE-2019-5069). Cisco Talos (TALOS-2019-0858) describes unsafe deserialization of untrusted data leading to remote code execution. Affected component is the LMS PHP backend; deserialization occurs when...
CVE-2019-5069
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
Epignosis eFront LMS PHP deserialization code execution vulnerability
Summary A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested Versions Epignosis...
Epignosis eFront LMS unauthenticated SQL injection vulnerability
Summary An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities,...
eFront 3.6.15 Code Execution Vulnerability
Exploit for php platform in category web applications A friend reminded me a couple of days ago to publish something, since its been a while last I published a post. so this is going to be a short post about an interesting-ish RCE found in all versions of eFront LMS - unfortunately, since the...
eFront 3.6.15 Code Execution
TL,DR; A friend reminded me a couple of days ago to publish something, since its been a while last I published a post. so this is going to be a short post about an interesting-ish RCE found in all versions of eFront LMS - unfortunately, since the report have passed 90 days since initial report, I...
eFront 3.6.15 - Directory Traversal
eFront 3.6.15 Path Traversal Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
eFront 3.6.15 Path Traversal
eFront 3.6.15 Path Traversal Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
eFront 3.6.15 PHP Object Injection
eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...