eFront 3.6.9 Build 10653 Local File Inclusion

------------------------------------------------------------------------ Software................eFront 3.6.9 build 10653 Vulnerability...........Local File Inclusion Threat Level............Critical 4/5 Download................http://www.efrontlearning.net/ Discovery Date..........5/12/2011 Test...

eFront 3.6.9 Build 10653 Cross Site Scripting

------------------------------------------------------------------------ Software................eFront 3.6.9 build 10653 Vulnerability...........Reflected Cross-site Scripting Threat Level............Low 1/5 Download................http://www.efrontlearning.net/ Discovery Date..........5/12/2011...

eFront 3.6.9 - 'scripts.php' Local File Inclusion

source: https://www.securityfocus.com/bid/47870/info eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary local scripts in the...

eFront version 3.6.6 Mullti Vulnerability

Exploit for php platform in category web applications ========================================= eFront version 3.6.6 Mullti Vulnerability ========================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1 3 3 3 3 7 /' \ /'\ /'\ /\ \ /\ /\ \ 7 1 /,...

eFront Multiple Parameter Cross Site Scripting Vulnerabilities

eFront Multiple Parameter Cross Site Scripting Vulnerabilities I. BACKGROUND --------------------- "eFront is a fully flexible eLearning system capable of fulfilling a wide range of learning needs. With eFront you will discover new ways to perform training tasks easier and faster, while keeping...

Cross-site Request Forgery (CSRF) Vulnerabilities in eFront

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in eFront which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in eFront 1.1 The vulnerability exists due to insufficient validation of the request origin in...

eFront 'ask_chat.php' SQLi Vulnerability

eFront is prone to an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:efrontlearning:efront";...

CVE-2010-1918

SQL injection vulnerability in askchat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatroomsID parameter...

CVE-2010-1918

CVE-2010-1918 affects eFront (versions up to 3.6.2 and earlier). The vulnerability is an SQL injection in the web application’s ask_chat.php, exploitable via the chatrooms_ID parameter. This allows remote attackers to execute arbitrary SQL commands on the backend. The published metrics assign a C...

CVE-2010-1918

SQL injection vulnerability in askchat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatroomsID parameter...

MOPS-2010-018: EFront ask_chat chatrooms_ID SQL Injection Vulnerability

MOPS-2010-018: EFront askchat chatroomsID SQL Injection Vulnerability May 9th, 2010 A preauth SQL injection vulnerability was discovered in the chat feature of EFront that allows retrieving all data from the database by simple URL manipulation. Affected versions Affected is EFront = 3.6.2 Credits...

eFront 3.x - ask_chat.php SQL Injection

eFront 3.x - askchat.php SQL Injection source: https://www.securityfocus.com/bid/40032/info eFront is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...

eFront 3.x - 'ask_chat.php' SQL Injection

source: https://www.securityfocus.com/bid/40032/info eFront is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...

eFront <= 3.5.5 'langname' Parameter LFI Vulnerability

eFront is prone to a local file include LFI vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVE-2010-1003

Directory traversal vulnerability in www/editor/tinymce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the langname parameter...

CVE-2010-1003

Directory traversal vulnerability in www/editor/tinymce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the langname parameter...

CVE-2010-1003

CVE-2010-1003 concerns a local file inclusion vulnerability in eFront up to version 3.5.5, caused by improper sanitization of the langname parameter in the language.php script, enabling directory traversal via .. to include and potentially execute arbitrary local PHP files. Multiple sources (NVD ...

CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ eFront-learning PHP file inclusion vulnerability 1. Advisory Information Title: eFront-learning PHP file inclusion vulnerability Advisory Id: CORE-2010-0311 Advisory...

eFront 3.5.5 - &#039;langname&#039; Local File Inclusion

source: https://www.securityfocus.com/bid/38787/info eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the...

eFront 3.5.5 - langname Local File Inclusion

eFront 3.5.5 - langname Local File Inclusion source: https://www.securityfocus.com/bid/38787/info eFront is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information...