245 matches found
CVE-2013-7194
Multiple cross-site scripting XSS vulnerabilities in www/administrator.php in eFront 3.6.14 build 18012 allow remote authenticated administrators to inject arbitrary web script or HTML via the 1 Last name, 2 Lesson name, or 3 Course name field...
eFront 3.6.14 Cross Site Scripting
EDB Note: Screenshot provided by exploit author. Exploit Title: eFront v3.6.14 build 18012 -Stored XSS in multiple Parameters Author: sajith version: eFront v3.6.14- build 18012 Vendor Homepage: http://www.efrontlearning.net/ vulnerable app link:http://www.efrontlearning.net/download POC by sajit...
eFront 3.6.14 Cross Site Scripting Vulnerability
eFront version 3.6.14 build 18012 suffers from multiple stored cross site scripting vulnerabilities. EDB Note: Screenshot provided by exploit author. Exploit Title: eFront v3.6.14 build 18012 -Stored XSS in multiple Parameters Author: sajith version: eFront v3.6.14- build 18012 Vendor Homepage:...
eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities
eFront 3.6.14 build 18012 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit-DB Note: Screenshot provided by exploit author. Exploit Title: eFront v3.6.14 build 18012 -Stored XSS in multiple Parameters Author: sajith version: eFront v3.6.14- build 18012 Vendor Homepage:...
eFront 3.6.14 (build 18012) - Multiple Persistent Cross-Site Scripting Vulnerabilities
Exploit-DB Note: Screenshot provided by exploit author. Exploit Title: eFront v3.6.14 build 18012 -Stored XSS in multiple Parameters Author: sajith version: eFront v3.6.14- build 18012 Vendor Homepage: http://www.efrontlearning.net/ vulnerable app link:http://www.efrontlearning.net/download POC b...
CVE-2012-6515
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid coursesID parameter in the lessoninfo module to index.php, which reveals the installation path in an error message...
Design/Logic Flaw
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid coursesID parameter in the lessoninfo module to index.php, which reveals the installation path in an error message...
CVE-2012-6515
The CVE-2012-6515 entry affects eFront 3.6.10, 3.6.11 build 15059, and earlier. The vulnerability arises in the lesson_info module (index.php) where an invalid courses_ID parameter can cause an error message that reveals the installation path, resulting in partial information disclosure. Multiple...
CVE-2012-6515
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid coursesID parameter in the lessoninfo module to index.php, which reveals the installation path in an error message...
eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities
Title: ====== eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=668 VL-ID: ===== 668 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
eFront Educational v3.6.11 - Multiple Web Vulnerabilities
Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
Group-Office Calendar SQL Injection
Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
eFront Enterprise 3.6.11 Cross Site Scripting
Title: ====== eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-06 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=668 VL-ID: ===== 668 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
eFront Educational 3.6.11 Cross Site Scripting
Title: ====== eFront Educational v3.6.11 - Multiple Web Vulnerabilities Date: ===== 2012-08-03 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=666 VL-ID: ===== 666 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...
CVE-2012-4270
Cross-site scripting XSS vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message...
CVE-2012-4269
Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message...
Unrestricted file upload
Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message...
Cross site scripting
Cross-site scripting XSS vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message...
CVE-2012-4270
CVE-2012-4270 describes a Cross-site scripting (XSS) vulnerability in eFront 3.6.11 where remote authenticated users can inject arbitrary script/HTML via the subject field of a message. The NVD entry lists a low base score (CVSSv2 3.5) with network access and user interaction not required, but au...
CVE-2012-4269
Summary of CVE-2012-4269 : The vulnerability is an unrestricted file upload in eFront 3.6.11. According to the sources, remote authenticated users could execute arbitrary code by uploading a file with an executable extension via an attachment in a message. The CVSS data in the NVD entry indicates...