CVE-2012-4269

Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message...

CVE-2012-4270

Cross-site scripting XSS vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message...

eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities

Document Title: =============== eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=668 Release Date: ============= 2012-08-06 Vulnerability Laboratory ID VL-ID: ==================================== 66...

eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities

Document Title: =============== eFront Enterprise v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=668 Release Date: ============= 2012-08-06 Vulnerability Laboratory ID VL-ID: ==================================== 66...

eFront Educational v3.6.11 - Multiple Web Vulnerabilities

Document Title: =============== eFront Educational v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=666 Release Date: ============= 2012-08-03 Vulnerability Laboratory ID VL-ID: ==================================== 6...

eFront Educational v3.6.11 - Multiple Web Vulnerabilities

Document Title: =============== eFront Educational v3.6.11 - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=666 Release Date: ============= 2012-08-03 Vulnerability Laboratory ID VL-ID: ==================================== 6...

Efront 3.6.11 Cross Site Scripting / Shell Upload

Exploit Title : Efront Multiple Vulnerabilities Author : IrIsT.Ir & Sec4Ever.com Discovered By : L3b-r1'z Home : http://IrIsT.Ir & http://Sec4Ever.com P Blob : http://L3b-r1z.com/ Software Link : http://www.efrontlearning.net Security Risk : High Version : 3.6.11 Tested on : win\XP Dork :...

eFront 3.6.9 LFI

Local file include vulnerability in eFront js/scripts.php Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

eFront 3.5.5 LFI

Local file include vulnerability in eFront langname parameter Vulnerability Type: Local File Include For the exploit source code contact DSquare Security sales team...

eFront 3.6.10 Authentication Bypass and File Upload

File upload vulnerability in eFront /libraries/filesystem.class.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

eFront 3.6.10 File Upload

File upload vulnerability in eFront savetemplate.php Vulnerability Type: File Upload For the exploit source code contact DSquare Security sales team...

eFront CMS 3.6.10 User Enumeration

TITLE ....... eFront 3.6.10 CMS user enumeration attack DATE ........ 11.04.2012 AUTOHR ...... http://hauntit.blogspot.com SOFT LINK ... http://www.efrontlearning.net VERSION ..... 3.6.10 TESTED ON ... LAMP ----------------------------------------------------------------------- 1. What is this? 2...

eFront CMS 3.6.10 Information Disclosure

TITLE ....... eFront 3.6.10 CMS Information Disclosure bug DATE ........ 11.04.2012 public, after week or sth AUTOHR ...... http://hauntit.blogspot.com SOFT LINK ... http:// VERSION ..... 3.6.10 TESTED ON ... LAMP ----------------------------------------------------------------------- 1. What is...

eFront Community++ v3.6.10 - SQL Injection Vulnerability

Title: ====== eFront Community++ v3.6.10 - SQL Injection Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=422 VL-ID: ===== 422 Introduction: ============= Tailored with larger organizations in mind, eFront Community ++ offers solution...

eFronts Community++ v3.6.10 - Cross Site Vulnerability

Title: ====== eFronts Community++ v3.6.10 - Cross Site Vulnerability Date: ===== 2012-02-07 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=423 VL-ID: ===== 423 Introduction: ============= Tailored with larger organizations in mind, eFront Community ++ offers solutions...

CVE-2012-1048

Cross-site scripting XSS vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...

CVE-2012-1048

Cross-site scripting XSS vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...

CVE-2012-1048

CVE-2012-1048 describes a cross-site scripting (XSS) vulnerability in the web admin page: communityplusplus/www/administrator.php of the eFront Community++ edition (version 3.6.10, and possibly other editions). The issue allows remote attackers to inject arbitrary web script or HTML via the filte...

eFront Community++ 3.6.10 SQL Injection

Title: ====== eFront Community++ v3.6.10 - SQL Injection Vulnerability Date: ===== 2012-02-11 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=422 VL-ID: ===== 422 Introduction: ============= Tailored with larger organizations in mind, eFront Community ++ offers solution...