3 matches found
CVE-2015-0913
CVE-2015-0913 affects EasyCTF (server-side CGI) with a cross-site scripting (CWE-79) vulnerability that allows remote authenticated users to inject arbitrary script/HTML via unspecified vectors. The connected JVN/NVD entries indicate EasyCTF versions 1.3 and earlier are vulnerable. Root cause: in...
CVE-2015-0914
CVE-2015-0914 affects EasyCTF prior to 1.4. The vulnerability is a session management weakness (CWE-639) where session IDs are not validated, allowing a remote attacker to gain unauthorized access via a crafted HTTP request. Impact stated: possible login and information disclosure without credent...
CVE-2015-0912
EasyCTF is a server-side CGI scoring tool. A vulnerability (CWE-22) allows a remote attacker to create arbitrary files on the server, which may lead to arbitrary code execution. Affected products: EasyCTF 1.3 and earlier. Root cause involves improper handling of file writes (arbitrary file creati...