41 matches found
CVE-2014-4033
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php...
EUVD-2015-1693
Malware in sbrugna...
EUVD-2020-20995
Malware in sbrugna...
EUVD-2019-14674
Malware in sbrugna...
EUVD-2014-3965
Malware in sbrugna...
CVE-2019-5069
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
CVE-2020-28597
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password o...
Epignosis EfrontPro Password Reset Vulnerability
Epignosis EfrontPro is a software application from Epignosis, Inc. An enterprise learning management system designed to deliver the most demanding and complex learning ecosystems beg... A security vulnerability exists in Epignosis EfrontPro version 5.2.21, which can be exploited by an attacker to...
Default credentials
A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password o...
CVE-2020-28597
Epignosis EfrontPro 5.2.21 is affected by a password reset vulnerability where the reset token is generated from a predictable seed, enabling an attacker to reset passwords via the password-reset URL. Talos details show the hash is md5(reset_password_timestamp + login) and that the vulnerability ...
Vulnerability Spotlight: Password reset vulnerability in Epignosis eFront
Richard Dean, CX security advisory, EMEAR, discovered this vulnerability. Blog by Jon Munshaw. Epignosis eFront contains a vulnerability that could allow an adversary to reset the password of any account of their choosing. eFront is a learning management system platform that allows users to creat...
PT-2021-11567 · Epignosis · Epignosis Efrontpro
Name of the Vulnerable Software and Affected Versions: Epignosis EfrontPro version 5.2.21 Description: A predictable seed vulnerability exists in the password reset functionality. By predicting the seed, it is possible to generate the correct password reset 1-time token. An attacker can visit the...
Epignosis EfrontPro Security Vulnerability
Epignosis EfrontPro is a software application from Epignosis, Inc. An enterprise learning management system designed to deliver the most demanding and complex learning ecosystems beg... A security vulnerability exists in Epignosis EfrontPro version 5.2.21, which can be exploited by an attacker to...
Epignosis eFront LMS Password Reset authentication bypass vulnerability
Summary: A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...
Remote code execution
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...