Lucene search
+L

143 matches found

cnvd
cnvd
added 2019/12/03 12:0 a.m.4 views

Forma Learning Management System SQL Injection Vulnerability

Forma Learning Management System LMS is a learning management system LMS. A SQL injection vulnerability exists in the Forma Learning Management System. An attacker could exploit this vulnerability by sending a specially crafted web request to disclose database user credentials and access the...

8.8CVSS7.8AI score0.01064EPSS
Exploits1References1
attackerkb
attackerkb
added 2019/12/03 12:0 a.m.22 views

CVE-2019-5111

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filtercat was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with parameters...

8.8CVSS5AI score0.01393EPSS
Exploits1References2
attackerkb
attackerkb
added 2019/12/03 12:0 a.m.16 views

CVE-2019-5112

Exploitable SQL injection vulnerability exists in the authenticated portion of Forma LMS 2.2.1. The /appLms/ajax.server.php URL and parameter filterstatus was confirmed to suffer from SQL injections and could be exploited by authenticated attackers. An attacker can send a web request with...

8.8CVSS5AI score0.01605EPSS
Exploits1References2
talosblog
talosblog
added 2019/12/02 10:46 a.m.38 views

Vulnerability Spotlight: SQL injection vulnerabilities in Forma Learning Management System

Yuri Kramarz of Security Advisory EMEAR discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three SQL injection vulnerabilities in the authenticated portion of the Formal Learning Management System. LMS is a set of software that allows companies to build and hos...

6.5CVSS1.5AI score0.01605EPSS
Exploits4
talos
talos
added 2019/12/02 12:0 a.m.81 views

Forma LMS 2.2.1 /appLms/ajax.server.php filter_cat and filter_status parameters SQL injections

Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.5AI score
Exploits0
talos
talos
added 2019/12/02 12:0 a.m.50 views

Forma LMS 2.2.1 /appCore/index.php users parameter SQL injections

Summary Exploitable SQL injection vulnerabilities exist in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowing...

8.8CVSS8.7AI score0.01064EPSS
Exploits1
talos
talos
added 2019/12/02 12:0 a.m.50 views

Forma LMS 2.2.1 ajax.adm_server.php dir parameter SQL injections

Summary Exploitable SQL injection vulnerabilities exists in the authenticated portion of Forma LMS 2.2.1. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this vulnerability, potentially allowin...

8.8CVSS8.6AI score0.01064EPSS
Exploits1
openbugbounty
openbugbounty
added 2016/11/17 7:26 p.m.22 views

ecole-forma-study.com XSS vulnerability

Open Bug Bounty ID: OBB-193357 Description| Value ---|--- Affected Website:| ecole-forma-study.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
ciscothreats
ciscothreats
added 2016/03/21 1:51 p.m.9 views

Threat Outbreak Alert RuleID21769: Email Messages Distributing Malicious Software on March 20, 2016

Medium Alert ID: 44219 First Published: 2016 March 21 13:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID21769 may contain the following files: Name | Si...

0.3AI score
Exploits0
cnvd
cnvd
added 2015/05/26 12:0 a.m.4 views

Forma Lms SQL Injection Vulnerability

Forma Lms is an open source web-based learning management system LMS. A SQL injection vulnerability exists in Forma Lms, which allows remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain database data...

8.1AI score
Exploits0References1
exploitpack
exploitpack
added 2015/05/21 12:0 a.m.21 views

Forma LMS 1.3 - Multiple SQL Injections

Forma LMS 1.3 - Multiple SQL Injections Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

Exploits0
exploitdb
exploitdb
added 2015/05/21 12:0 a.m.40 views

Forma LMS 1.3 - Multiple SQL Injections

Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-03Formalms.pdf + Info:...

7AI score
Exploits0
packetstorm
packetstorm
added 2015/05/18 12:0 a.m.38 views

Forma LMS 1.3 PHP Object Injection

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

0.2AI score
Exploits0
exploitpack
exploitpack
added 2015/05/18 12:0 a.m.21 views

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full...

0.5AI score
Exploits0
zdt
zdt
added 2015/05/18 12:0 a.m.33 views

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities

Exploit for php platform in category web applications Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

7.1AI score
Exploits0
exploitdb
exploitdb
added 2015/05/18 12:0 a.m.31 views

Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities

Forma LMS 1.3 Multiple PHP Object Injection Vulnerabilities + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory:...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2014/12/01 12:0 a.m.80 views

Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms

Advisory ID: HTB23226 Product: Forma Lms Vendor: http://www.formalms.org/ Vulnerable Versions: 1.2.1 and probably prior Tested Version: 1.2.1 Advisory Publication: August 6, 2014 without technical details Vendor Notification: August 6, 2014 Vendor Patch: November 4, 2014 Public Disclosure: Novemb...

4.3CVSS6.8AI score0.01891EPSS
Exploits2
nvd
nvd
added 2014/11/06 3:55 p.m.27 views

CVE-2014-5257

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

4.3CVSS5.7AI score0.01891EPSS
Exploits2References5
prion
prion
added 2014/11/06 3:55 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

4.3CVSS6.1AI score0.01891EPSS
Exploits2References5Affected Software1
cvelist
cvelist
added 2014/11/06 3:0 p.m.30 views

CVE-2014-5257

Multiple cross-site scripting XSS vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the 1 idcustom parameter in an amanmenu request or 2 idgame parameter in an alms/games/edit request to appCore/index.php...

5.7AI score0.01891EPSS
Exploits2References5
Rows per page
Query Builder