24 matches found
CVE-2014-4033
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php...
EUVD-2015-1693
Malware in sbrugna...
EUVD-2019-14674
Malware in sbrugna...
EUVD-2014-3965
Malware in sbrugna...
CVE-2019-5069
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
Vulnerability Spotlight: Password reset vulnerability in Epignosis eFront
Richard Dean, CX security advisory, EMEAR, discovered this vulnerability. Blog by Jon Munshaw. Epignosis eFront contains a vulnerability that could allow an adversary to reset the password of any account of their choosing. eFront is a learning management system platform that allows users to creat...
Epignosis eFront LMS Password Reset authentication bypass vulnerability
Summary: A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the...
Remote code execution
A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability...
Epignosis eFront LMS Code Issue Vulnerability
Epignosis eFront LMS is a suite of online e-learning platforms from Epignosis, Inc. in the United States. The platform provides test building, assignment management, internal messaging, forums and online chat. A code issue vulnerability exists in Epignosis eFront LMS version 5.2.12, which can be...
Epignosis eFront LMS SQL Injection Vulnerability
Epignosis eFront LMS is a suite of online e-learning platforms from Epignosis, Inc. in the United States. The platform provides test building, assignment management, internal messaging, forums and online chat. A SQL injection vulnerability exists in Epignosis eFront LMS version 5.2.12 and earlier...
Vulnerability Spotlight: Two vulnerabilities in Epignosis eFront
Yuri Kramarz of Security Advisory Incident Response EMEAR discovered these vulnerabilities. Cisco Talos discovered two vulnerabilities in Epignosis eFront — one of which could allow an attacker to remotely execute code on the victim system, and another that opens the victim machine to SQL...
Epignosis eFront LMS PHP deserialization code execution vulnerability
Summary: A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. Tested Versions: Epignosis...
Epignosis eFront LMS unauthenticated SQL injection vulnerability
Summary: An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. A specially crafted web request to the login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities,...
Epignosis eFront CMS Path Traversal Vulnerability
Epignosis eFront CMS is an online learning system with an Ajax interface from Epignosis, USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A path traversal vulnerability exists in Epignosis eFront CMS 3.6.15.4 and earli...
Epignosis eFront CMS Arbitrary File Upload Vulnerability (CNVD-2017-26067)
Epignosis eFront CMS is an online learning system with an Ajax interface from Epignosis, USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. An arbitrary file upload vulnerability exists in Epignosis eFront CMS versions...
Epignosis eFront has multiple vulnerabilities
Epignosis eFront is an online learning system with an Ajax interface from Epignosis USA. The system allows you to create and manage courses with tools such as a content editor, file manager, and digital library. A security vulnerability exists in Epignosis eFront. An attacker can exploit the...
CVE-2015-1559
Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication of administrators for requests that (1) delete modules via the deletemodule parameter, (2) deactivate...