
36 vulnerabilities found for efront by efrontlearning

FKIE_CVE-2015-4461

Vulnerability from fkie_nvd - Published: 2018-02-05 16:29 - Updated: 2024-11-21 02:31
Summary
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the "other" parameter.
Impacted products
Vendor Product Version
efrontlearning efront * (up to and including 3.6.15.4)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E9C48D-9061-4D77-BA44-7BBE019228CC",
              "versionEndIncluding": "3.6.15.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio absoluto en eFront CMS 3.6.15.4 y anteriores permite que los usuarios Professor obtengan informaci\u00f3n sensible mediante un nombre de ruta completo en el par\u00e1metro other."
    }
  ],
  "id": "CVE-2015-4461",
  "lastModified": "2024-11-21T02:31:07.030",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-05T16:29:00.487",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-4462

Vulnerability from fkie_nvd - Published: 2017-07-25 18:29 - Updated: 2025-04-20 01:37
Summary
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.
Impacted products
Vendor Product Version
efrontlearning efront * (up to and including 3.6.15.4)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E9C48D-9061-4D77-BA44-7BBE019228CC",
              "versionEndIncluding": "3.6.15.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the \"Upload file from url\" field in the file manager for professor.php."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de ruta de acceso absoluto en el componente file_manager de eFront CMS anterior a versi\u00f3n 3.6.15.5, permite a los usuarios autenticados remotos leer archivos arbitrarios por medio de un pathname completo en el campo \"Upload file from url\" en el administrador de archivos para professor.php."
    }
  ],
  "id": "CVE-2015-4462",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-25T18:29:00.587",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-4463

Vulnerability from fkie_nvd - Published: 2017-07-25 18:29 - Updated: 2025-04-20 01:37
Summary
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
Impacted products
Vendor Product Version
efrontlearning efront * (up to and including 3.6.15.4)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2E9C48D-9061-4D77-BA44-7BBE019228CC",
              "versionEndIncluding": "3.6.15.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL."
    },
    {
      "lang": "es",
      "value": "El componente file_manager en eFront CMS anterior a versi\u00f3n 3.6.15.5, permite a los usuarios autenticados remotos omitir las restricciones de carga de archivos previstas agregando un par\u00e1metro creado en la URL file."
    }
  ],
  "id": "CVE-2015-4463",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-25T18:29:00.617",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2014-4033

Vulnerability from fkie_nvd - Published: 2014-06-11 14:55 - Updated: 2025-04-12 10:46

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.6.14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC5B4918-2FD4-4CF6-A193-77F4E81B7209",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en libraries/includes/personal/profile.php en Epignosis eFront 3.6.14.4 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro del apellido en student.php."
    }
  ],
  "id": "CVE-2014-4033",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-06-11T14:55:09.643",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/33697"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/67946"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/epignosis/efront_open_source/issues/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/33697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/67946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/epignosis/efront_open_source/issues/5"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-7194

Vulnerability from fkie_nvd - Published: 2013-12-21 00:55 - Updated: 2025-04-11 00:51
Summary
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
Impacted products
Vendor Product Version
efrontlearning efront 3.6.14

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C496300-8E30-4875-9DAF-78BF5C43F0C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades cross-site scripting (XSS) en www/administrator.php de eFront 3.6.14 (build 18012) permite a usuarios remotos autenticados inyectar script web o HTML de forma arbitraria a trav\u00e9s de los campos (1) Last name, (2) Lesson name, o (3) Course name."
    }
  ],
  "id": "CVE-2013-7194",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-21T00:55:05.143",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124400"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30213"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89660"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-6515

Vulnerability from fkie_nvd - Published: 2013-01-24 01:55 - Updated: 2025-04-11 00:51
Summary
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via an invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message.
Impacted products
Vendor Product Version
efrontlearning efront 3.6.10
efrontlearning efront 3.6.11

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9611227-C16C-4F68-A0AF-104E3C53D6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "753C1CC8-D88B-424E-B3E4-A1F205FE71FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message."
    },
    {
      "lang": "es",
      "value": "eFront 3.6.10, 3.6.11 build 15059 y anteriores, permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un par\u00e1metro courses_ID inv\u00e1lido en el m\u00f3dulo lesson_info hacia el index.php, lo que revela la ruta de instalaci\u00f3n de la aplicaci\u00f3n en un mensaje de error."
    }
  ],
  "id": "CVE-2012-6515",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-01-24T01:55:05.287",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49003"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53272"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-4269

Vulnerability from fkie_nvd - Published: 2012-08-13 22:55 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "753C1CC8-D88B-424E-B3E4-A1F205FE71FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de subida de archivos sin restricciones en eFront v3.6.11 permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n mediante la subida de un archivo con una extensi\u00f3n ejecutable a trav\u00e9s de un archivo adjunto en un mensaje.\r\n"
    }
  ],
  "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/434.html \u0027CWE-434: Unrestricted Upload of File with Dangerous Type\u0027",
  "id": "CVE-2012-4269",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-13T22:55:01.380",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53412"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2012-4270

Vulnerability from fkie_nvd - Published: 2012-08-13 22:55 - Updated: 2025-04-11 00:51

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "753C1CC8-D88B-424E-B3E4-A1F205FE71FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en eFront v3.6.11 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s del campo de asunto de un mensaje.\r\n"
    }
  ],
  "id": "CVE-2012-4270",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-08-13T22:55:01.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53412"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75442"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53412"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75442"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-1918

Vulnerability from fkie_nvd - Published: 2010-05-12 11:46 - Updated: 2025-04-11 00:51
Summary
SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter.

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F066887-2FFE-4B33-BAC2-0E72A148D292",
              "versionEndIncluding": "3.6.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC4945EB-C2DC-41FB-8B49-8F27D1EBF19E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9648CD63-D34E-4298-8D54-2FF72C257477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E993440A-7730-4540-B6BC-5CFC1636FE0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9A7A13D-A022-49A0-BED7-701D333724B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8802C5D3-64CD-4199-ABBC-F5AEE5AFDE46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "BD62DC8C-619B-4B61-AFAC-B7F6AFCBEB79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "A230995D-9925-4774-9CFC-4329F756EE36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "395AFAEC-9811-4CB8-A105-AB9B9C85DA68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "E7699ABE-E6AB-490F-9D1E-34F1EE2467B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B61AA-BB5B-4B19-8077-0AD5415D4788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD265DFA-0072-48E5-86EE-079060723C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A6A4AB-1DB7-44D2-8775-0018C926277E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCA0E12-672C-45B0-87A2-CE76A97F182F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "25674C08-9CD4-4B79-AC21-11107B71D4C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E22BEE-F7BA-4795-BD8F-EF3FD66F6338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "188BA3F0-FDB5-4928-9A0A-6188A77446CB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en ask_chat.php de eFront v3.6.2 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro chatrooms_ID."
    }
  ],
  "id": "CVE-2010-1918",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-05-12T11:46:40.377",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/64506"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39728"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/40032"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/64506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/39728"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/40032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1101"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2010-1003

Vulnerability from fkie_nvd - Published: 2010-03-19 20:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
Impacted products

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8802C5D3-64CD-4199-ABBC-F5AEE5AFDE46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B61AA-BB5B-4B19-8077-0AD5415D4788",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD265DFA-0072-48E5-86EE-079060723C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "23A6A4AB-1DB7-44D2-8775-0018C926277E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCA0E12-672C-45B0-87A2-CE76A97F182F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:efrontlearning:efront:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "25674C08-9CD4-4B79-AC21-11107B71D4C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en www/editor/tiny_mce/langs/language.php en eFront v3.5.x hasta v3.5.5 permite a atacantes remotos incluir y ejecutar archivos locales de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en el par\u00e1metro langname."
    }
  ],
  "id": "CVE-2010-1003",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-19T20:30:00.500",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/63028"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.coresecurity.com/content/efront-php-file-inclusion"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/510155/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/63028"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.coresecurity.com/content/efront-php-file-inclusion"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/510155/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/38787"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-4461 (GCVE-0-2015-4461)

Vulnerability from cvelistv5 – Published: 2018-02-05 16:00 – Updated: 2024-08-06 06:18
Summary
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2016-05-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:10.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-05T15:57:02.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4461",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841",
              "refsource": "CONFIRM",
              "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
            },
            {
              "name": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html",
              "refsource": "MISC",
              "url": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4461",
    "datePublished": "2018-02-05T16:00:00.000Z",
    "dateReserved": "2015-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:10.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4462 (GCVE-0-2015-4462)

Vulnerability from cvelistv5 – Published: 2017-07-25 18:00 – Updated: 2024-08-06 06:18
Summary
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2015-05-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the \"Upload file from url\" field in the file manager for professor.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-02T11:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4462",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the \"Upload file from url\" field in the file manager for professor.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html",
              "refsource": "MISC",
              "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
            },
            {
              "name": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841",
              "refsource": "CONFIRM",
              "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4462",
    "datePublished": "2017-07-25T18:00:00.000Z",
    "dateReserved": "2015-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:11.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4463 (GCVE-0-2015-4463)

Vulnerability from cvelistv5 – Published: 2017-07-25 18:00 – Updated: 2024-08-06 06:18
Summary
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2015-05-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-02T13:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4463",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html",
              "refsource": "MISC",
              "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
            },
            {
              "name": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841",
              "refsource": "CONFIRM",
              "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4463",
    "datePublished": "2017-07-25T18:00:00.000Z",
    "dateReserved": "2015-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:11.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4033 (GCVE-0-2014-4033)

Vulnerability from cvelistv5 – Published: 2014-06-11 14:00 – Updated: 2024-09-17 00:16
Summary
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:28.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "67946",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67946"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html"
          },
          {
            "name": "33697",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/33697"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/epignosis/efront_open_source/issues/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-11T14:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "67946",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67946"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html"
        },
        {
          "name": "33697",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/33697"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/epignosis/efront_open_source/issues/5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4033",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "67946",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67946"
            },
            {
              "name": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html"
            },
            {
              "name": "33697",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/33697"
            },
            {
              "name": "https://github.com/epignosis/efront_open_source/issues/5",
              "refsource": "CONFIRM",
              "url": "https://github.com/epignosis/efront_open_source/issues/5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4033",
    "datePublished": "2014-06-11T14:00:00.000Z",
    "dateReserved": "2014-06-11T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:16:17.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-7194 (GCVE-0-2013-7194)

Vulnerability from cvelistv5 – Published: 2013-12-21 00:00 – Updated: 2024-08-06 18:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2013-12-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:01:19.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30213",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30213"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/124400"
          },
          {
            "name": "efront-administrator-multiple-xss(89660)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89660"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30213",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30213"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/124400"
        },
        {
          "name": "efront-administrator-multiple-xss(89660)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89660"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30213",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30213"
            },
            {
              "name": "http://packetstormsecurity.com/files/124400",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/124400"
            },
            {
              "name": "efront-administrator-multiple-xss(89660)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89660"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7194",
    "datePublished": "2013-12-21T00:00:00.000Z",
    "dateReserved": "2013-12-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:01:19.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-6515 (GCVE-0-2012-6515)

Vulnerability from cvelistv5 – Published: 2013-01-24 01:00 – Updated: 2024-09-17 03:12
Summary
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html x_refsource_MISC
http://secunia.com/advisories/49003 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53272 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html"
          },
          {
            "name": "49003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49003"
          },
          {
            "name": "53272",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-01-24T01:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html"
        },
        {
          "name": "49003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49003"
        },
        {
          "name": "53272",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6515",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html",
              "refsource": "MISC",
              "url": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html"
            },
            {
              "name": "49003",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49003"
            },
            {
              "name": "53272",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-6515",
    "datePublished": "2013-01-24T01:00:00.000Z",
    "dateReserved": "2013-01-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:12:28.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4269 (GCVE-0-2012-4269)

Vulnerability from cvelistv5 – Published: 2012-08-13 22:00 – Updated: 2024-08-06 20:28
Summary
Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2012-05-07 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:28:07.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "53412",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53412"
          },
          {
            "name": "efront-upload-file-upload(75443)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "53412",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53412"
        },
        {
          "name": "efront-upload-file-upload(75443)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4269",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53412",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53412"
            },
            {
              "name": "efront-upload-file-upload(75443)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
            },
            {
              "name": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4269",
    "datePublished": "2012-08-13T22:00:00.000Z",
    "dateReserved": "2012-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:28:07.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4270 (GCVE-0-2012-4270)

Vulnerability from cvelistv5 – Published: 2012-08-13 22:00 – Updated: 2024-08-06 20:28
Summary
Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2012-05-07 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:28:07.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "53412",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53412"
          },
          {
            "name": "efront-admin-xss(75442)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75442"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "53412",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53412"
        },
        {
          "name": "efront-admin-xss(75442)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75442"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53412",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53412"
            },
            {
              "name": "efront-admin-xss(75442)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75442"
            },
            {
              "name": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4270",
    "datePublished": "2012-08-13T22:00:00.000Z",
    "dateReserved": "2012-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:28:07.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1918 (GCVE-0-2010-1918)

Vulnerability from cvelistv5 – Published: 2010-05-12 00:00 – Updated: 2024-09-17 03:55
Summary
SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:12.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39728",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39728"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf"
          },
          {
            "name": "40032",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40032"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html"
          },
          {
            "name": "64506",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/64506"
          },
          {
            "name": "ADV-2010-1101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1101"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-12T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "39728",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39728"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf"
        },
        {
          "name": "40032",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40032"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html"
        },
        {
          "name": "64506",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/64506"
        },
        {
          "name": "ADV-2010-1101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1101"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1918",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39728",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39728"
            },
            {
              "name": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf"
            },
            {
              "name": "40032",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40032"
            },
            {
              "name": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html",
              "refsource": "MISC",
              "url": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html"
            },
            {
              "name": "64506",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/64506"
            },
            {
              "name": "ADV-2010-1101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1101"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1918",
    "datePublished": "2010-05-12T00:00:00.000Z",
    "dateReserved": "2010-05-11T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:55:09.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1003 (GCVE-0-2010-1003)

Vulnerability from cvelistv5 – Published: 2010-03-19 20:00 – Updated: 2024-08-07 01:06
Summary
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2010-03-16 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:06:52.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100316 CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510155/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/efront-php-file-inclusion"
          },
          {
            "name": "38787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945"
          },
          {
            "name": "63028",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/63028"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100316 CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510155/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/efront-php-file-inclusion"
        },
        {
          "name": "38787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945"
        },
        {
          "name": "63028",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/63028"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100316 CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510155/100/0/threaded"
            },
            {
              "name": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html",
              "refsource": "CONFIRM",
              "url": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html"
            },
            {
              "name": "http://www.coresecurity.com/content/efront-php-file-inclusion",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/efront-php-file-inclusion"
            },
            {
              "name": "38787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38787"
            },
            {
              "name": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945",
              "refsource": "CONFIRM",
              "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945"
            },
            {
              "name": "63028",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/63028"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1003",
    "datePublished": "2010-03-19T20:00:00.000Z",
    "dateReserved": "2010-03-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:06:52.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4461 (GCVE-0-2015-4461)

Vulnerability from nvd – Published: 2018-02-05 16:00 – Updated: 2024-08-06 06:18
Summary
Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2016-05-23 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:10.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-05T15:57:02.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4461",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and earlier allows remote Professor users to obtain sensitive information via a full pathname in the other parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841",
              "refsource": "CONFIRM",
              "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
            },
            {
              "name": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html",
              "refsource": "MISC",
              "url": "https://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4461",
    "datePublished": "2018-02-05T16:00:00.000Z",
    "dateReserved": "2015-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:10.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4462 (GCVE-0-2015-4462)

Vulnerability from nvd – Published: 2017-07-25 18:00 – Updated: 2024-08-06 06:18
Summary
Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file from url" field in the file manager for professor.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2015-05-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.059Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the \"Upload file from url\" field in the file manager for professor.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-02T11:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4462",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the \"Upload file from url\" field in the file manager for professor.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html",
              "refsource": "MISC",
              "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
            },
            {
              "name": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841",
              "refsource": "CONFIRM",
              "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4462",
    "datePublished": "2017-07-25T18:00:00.000Z",
    "dateReserved": "2015-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:11.059Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-4463 (GCVE-0-2015-4463)

Vulnerability from nvd – Published: 2017-07-25 18:00 – Updated: 2024-08-06 06:18
Summary
The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
Date Public ?
2015-05-12 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:11.061Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-05-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-02T13:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4463",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html",
              "refsource": "MISC",
              "url": "http://mohankallepalli.blogspot.in/2015/05/eFront-cms-multiple-bugs.html"
            },
            {
              "name": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841",
              "refsource": "CONFIRM",
              "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=9841"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4463",
    "datePublished": "2017-07-25T18:00:00.000Z",
    "dateReserved": "2015-06-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T06:18:11.061Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-4033 (GCVE-0-2014-4033)

Vulnerability from nvd – Published: 2014-06-11 14:00 – Updated: 2024-09-17 00:16
Summary
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T11:04:28.145Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "67946",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/67946"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html"
          },
          {
            "name": "33697",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/33697"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/epignosis/efront_open_source/issues/5"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-11T14:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "67946",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/67946"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html"
        },
        {
          "name": "33697",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/33697"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/epignosis/efront_open_source/issues/5"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-4033",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "67946",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/67946"
            },
            {
              "name": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/127006/eFront-3.6.14.4-Cross-Site-Scripting.html"
            },
            {
              "name": "33697",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/33697"
            },
            {
              "name": "https://github.com/epignosis/efront_open_source/issues/5",
              "refsource": "CONFIRM",
              "url": "https://github.com/epignosis/efront_open_source/issues/5"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-4033",
    "datePublished": "2014-06-11T14:00:00.000Z",
    "dateReserved": "2014-06-11T00:00:00.000Z",
    "dateUpdated": "2024-09-17T00:16:17.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-7194 (GCVE-0-2013-7194)

Vulnerability from nvd – Published: 2013-12-21 00:00 – Updated: 2024-08-06 18:01
Summary
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2013-12-11 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:01:19.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "30213",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/30213"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/124400"
          },
          {
            "name": "efront-administrator-multiple-xss(89660)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89660"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-12-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "30213",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/30213"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/124400"
        },
        {
          "name": "efront-administrator-multiple-xss(89660)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89660"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-7194",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "30213",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/30213"
            },
            {
              "name": "http://packetstormsecurity.com/files/124400",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/124400"
            },
            {
              "name": "efront-administrator-multiple-xss(89660)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89660"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-7194",
    "datePublished": "2013-12-21T00:00:00.000Z",
    "dateReserved": "2013-12-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:01:19.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-6515 (GCVE-0-2012-6515)

Vulnerability from nvd – Published: 2013-01-24 01:00 – Updated: 2024-09-17 03:12
Summary
eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner: mitre
References
http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html x_refsource_MISC
http://secunia.com/advisories/49003 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/53272 vdb-entry, x_refsource_BID

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:28:39.848Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html"
          },
          {
            "name": "49003",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49003"
          },
          {
            "name": "53272",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-01-24T01:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html"
        },
        {
          "name": "49003",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49003"
        },
        {
          "name": "53272",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-6515",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers to obtain sensitive information via invalid courses_ID parameter in the lesson_info module to index.php, which reveals the installation path in an error message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html",
              "refsource": "MISC",
              "url": "http://hauntit.blogspot.com/2012/04/en-efront-3610-cms-information.html"
            },
            {
              "name": "49003",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49003"
            },
            {
              "name": "53272",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-6515",
    "datePublished": "2013-01-24T01:00:00.000Z",
    "dateReserved": "2013-01-23T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:12:28.563Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4269 (GCVE-0-2012-4269)

Vulnerability from nvd – Published: 2012-08-13 22:00 – Updated: 2024-08-06 20:28
Summary
Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner: mitre
Date Public ?
2012-05-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:28:07.807Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "53412",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53412"
          },
          {
            "name": "efront-upload-file-upload(75443)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "53412",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53412"
        },
        {
          "name": "efront-upload-file-upload(75443)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4269",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unrestricted file upload vulnerability in eFront 3.6.11 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension via an attachment in a message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53412",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53412"
            },
            {
              "name": "efront-upload-file-upload(75443)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75443"
            },
            {
              "name": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4269",
    "datePublished": "2012-08-13T22:00:00.000Z",
    "dateReserved": "2012-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:28:07.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2012-4270 (GCVE-0-2012-4270)

Vulnerability from nvd – Published: 2012-08-13 22:00 – Updated: 2024-08-06 20:28
Summary
Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner: mitre
Date Public ?
2012-05-07 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:28:07.870Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "53412",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53412"
          },
          {
            "name": "efront-admin-xss(75442)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75442"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-05-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "53412",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53412"
        },
        {
          "name": "efront-admin-xss(75442)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75442"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-4270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows remote authenticated users to inject arbitrary web script or HTML via the subject box of a message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "53412",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53412"
            },
            {
              "name": "efront-admin-xss(75442)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75442"
            },
            {
              "name": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/files/112496/Efront-3.6.11-Cross-Site-Scripting-Shell-Upload.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-4270",
    "datePublished": "2012-08-13T22:00:00.000Z",
    "dateReserved": "2012-08-13T00:00:00.000Z",
    "dateUpdated": "2024-08-06T20:28:07.870Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1918 (GCVE-0-2010-1918)

Vulnerability from nvd – Published: 2010-05-12 00:00 – Updated: 2024-09-17 03:55
Summary
SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner: mitre
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T02:17:12.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39728",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39728"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf"
          },
          {
            "name": "40032",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40032"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html"
          },
          {
            "name": "64506",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/64506"
          },
          {
            "name": "ADV-2010-1101",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1101"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-05-12T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "39728",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39728"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf"
        },
        {
          "name": "40032",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40032"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html"
        },
        {
          "name": "64506",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/64506"
        },
        {
          "name": "ADV-2010-1101",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1101"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1918",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and earlier allows remote attackers to execute arbitrary SQL commands via the chatrooms_ID parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39728",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39728"
            },
            {
              "name": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.org/1005-exploits/MOPS-2010-018.pdf"
            },
            {
              "name": "40032",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40032"
            },
            {
              "name": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html",
              "refsource": "MISC",
              "url": "http://www.php-security.org/2010/05/09/mops-2010-018-efront-ask_chat-chatrooms_id-sql-injection-vulnerability/index.html"
            },
            {
              "name": "64506",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/64506"
            },
            {
              "name": "ADV-2010-1101",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1101"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1918",
    "datePublished": "2010-05-12T00:00:00.000Z",
    "dateReserved": "2010-05-11T00:00:00.000Z",
    "dateUpdated": "2024-09-17T03:55:09.567Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2010-1003 (GCVE-0-2010-1003)

Vulnerability from nvd – Published: 2010-03-19 20:00 – Updated: 2024-08-07 01:06
Summary
Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner: mitre
Date Public ?
2010-03-16 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:06:52.589Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20100316 CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/510155/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.coresecurity.com/content/efront-php-file-inclusion"
          },
          {
            "name": "38787",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38787"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945"
          },
          {
            "name": "63028",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/63028"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20100316 CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/510155/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.coresecurity.com/content/efront-php-file-inclusion"
        },
        {
          "name": "38787",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38787"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945"
        },
        {
          "name": "63028",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/63028"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-1003",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in www/editor/tiny_mce/langs/language.php in eFront 3.5.x through 3.5.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the langname parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20100316 CORE-2010-0311 - eFront-learning PHP file inclusion vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/510155/100/0/threaded"
            },
            {
              "name": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html",
              "refsource": "CONFIRM",
              "url": "http://www.efrontlearning.net/product/efront-news/265-important-security-fix.html"
            },
            {
              "name": "http://www.coresecurity.com/content/efront-php-file-inclusion",
              "refsource": "MISC",
              "url": "http://www.coresecurity.com/content/efront-php-file-inclusion"
            },
            {
              "name": "38787",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38787"
            },
            {
              "name": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945",
              "refsource": "CONFIRM",
              "url": "http://forum.efrontlearning.net/viewtopic.php?f=15\u0026t=1945"
            },
            {
              "name": "63028",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/63028"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-1003",
    "datePublished": "2010-03-19T20:00:00.000Z",
    "dateReserved": "2010-03-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T01:06:52.589Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}