22 matches found
EUVD-2015-0921
Malware in sbrugna...
EUVD-2015-0922
Malware in sbrugna...
EUVD-2015-0920
Malware in sbrugna...
EasyCTF Cross-Site Scripting Vulnerability
EasyCTF is a CGI program for scoring CTFs. EasyCTF suffers from an unspecified cross-site scripting vulnerability that could be exploited by remote attackers to inject malicious script or HTML code, which could be used to gain access to sensitive information or hijack user sessions when malicious...
EasyCTF Unauthorized Access Vulnerability
EasyCTF is a CGI program for scoring CTFs. EasyCTF fails to properly verify session IDs, allowing remote attackers to gain unauthorized access via special HTTP requests...
EasyCTF Arbitrary File Content Write Vulnerability
EasyCTF is a CGI program for scoring CTFs. EasyCTF has an unspecified security vulnerability that could be exploited by remote attackers to write arbitrary executable content to a file...
CVE-2015-0914
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request...
CVE-2015-0913
Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-0912
EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors...
Cross site request forgery (csrf)
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request...
Code injection
EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors...
Cross site scripting
Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-0912
EasyCTF is a server-side CGI scoring tool. A vulnerability (CWE-22) allows a remote attacker to create arbitrary files on the server, which may lead to arbitrary code execution. Affected products: EasyCTF 1.3 and earlier. Root cause involves improper handling of file writes (arbitrary file creati...
CVE-2015-0912
EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors...
CVE-2015-0913
CVE-2015-0913 affects EasyCTF (server-side CGI) with a cross-site scripting (CWE-79) vulnerability that allows remote authenticated users to inject arbitrary script/HTML via unspecified vectors. The connected JVN/NVD entries indicate EasyCTF versions 1.3 and earlier are vulnerable. Root cause: in...
CVE-2015-0914
CVE-2015-0914 affects EasyCTF prior to 1.4. The vulnerability is a session management weakness (CWE-639) where session IDs are not validated, allowing a remote attacker to gain unauthorized access via a crafted HTTP request. Impact stated: possible login and information disclosure without credent...
CVE-2015-0913
Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-0914
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request...
EasyCTF vulnerable to cross-site scripting
Overview: EasyCTF is a server-side CGI used to score CTF (Capture The Flag). EasyCTF contains a cross-site scripting vulnerability (CWE-79) that can be leveraged by an attacker-created account. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#07538357: EasyCTF vulnerable to cross-site scripting
EasyCTF is a server-side CGI used to score CTF (Capture The Flag). EasyCTF contains a cross-site scripting vulnerability (CWE-79) that can be leveraged by an attacker-created account. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the late...