245 matches found
eFront Learning 3.6.15.6 CMS - Persistent Web Vulnerability
Document Title: eFront Learning 3.6.15.6 CMS - Persistent Web Vulnerability; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1761 ; Release Date: 2016-02-22; Vulnerability Laboratory ID (VL-ID): ...
Epignosis eFront has multiple vulnerabilities
Epignosis eFront is an online learning system with an Ajax interface from Epignosis USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A security vulnerability exists in Epignosis eFront. An attacker can exploit the...
eFront Detection
Binary data efrontdetect.nbin...
eFront < 3.6.15.4 Build 18023 Multiple Vulnerabilities
According to its version number, the version of eFront running on the remote web server is affected by multiple vulnerabilities: - A path traversal vulnerability exists due to improper sanitization of user-supplied input to the 'file' parameter of the viewfile.php script. A remote attacker can...
eFront 3.6.15 - PHP Object Injection
eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
eFront 3.6.15 - Multiple Vulnerabilities
Exploit for php platform in category web applications eFront 3.6.15 Multiple SQL Injection Vulnerabilities + Author: Filippo Roncari | Luca De Fulgentis + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full...
eFront 3.6.15 - Multiple SQL Injections
eFront 3.6.15 - Multiple SQL Injections eFront 3.6.15 Multiple SQL Injection Vulnerabilities + Author: Filippo Roncari | Luca De Fulgentis + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
eFront 3.6.15 - Multiple SQL Injections
eFront 3.6.15 Multiple SQL Injection Vulnerabilities + Author: Filippo Roncari | Luca De Fulgentis + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
eFront 3.6.15 - PHP Object Injection
eFront 3.6.15 - PHP Object Injection eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
eFront 3.6.15 - Directory Traversal
eFront 3.6.15 - Directory Traversal eFront 3.6.15 Path Traversal Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
eFront 3.6.15 - Directory Traversal
eFront 3.6.15 Path Traversal Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
eFront 3.6.15 Path Traversal
eFront 3.6.15 Path Traversal Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
eFront 3.6.15 SQL Injection
eFront 3.6.15 Multiple SQL Injection Vulnerabilities + Author: Filippo Roncari | Luca De Fulgentis + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...
eFront 3.6.15 PHP Object Injection
eFront 3.6.15 PHP Object Injection Vulnerability + Author: Filippo Roncari + Target: eFront + Version: 3.6.15 and probably lower + Vendor: www.efrontlearning.net + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-02eFront.pdf + Info:...
eFront Learning 3.6.11 Cross Site Scripting
Affected software: efrontlearning Type of vulnerability: stored XSS URL: http://demo.efrontlearning.net/ Discovered by: Provensec Website: http://www.provensec.com Description: Open Source e-Learning Proof of concept version: eFront 3.6.11 go to add new category...
CVE-2015-1559
Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the deletemodule parameter, (2) deactivate...
CVE-2015-1559
CVE-2015-1559 affects Epignosis eFront Open Source Edition up to version 3.6.15.3 build 18022, where multiple CSRF vulnerabilities in administrator.php allow an attacker to hijack administrator sessions and perform actions such as deleting/modifying modules, users, themes, events, language settin...
Multiple Cross-Site Request Forgery Vulnerabilities in eFront 'administrator.php'
eFront is an online learning system. Multiple cross-site request forgery vulnerabilities exist in eFront 'administrator.php', which can be exploited by attackers to perform certain unauthorized actions...
eFront 3.6.15.2 Cross Site Request Forgery
Advisory: Multiple CSRF vulnerabilities in eFront v. 3.6.15.2 CE Advisory ID: SROEADV-2015-09 Author: Steffen Rösemann Affected Software: eFront v. 3.6.15.2 CE Release-date: 05-Dec-2014, build 18021 Vendor URL: http://www.efrontlearning.net Vendor Status: patched CVE-ID: - Tested with/on: -Browse...