MidnightBSD

Advisories for kozos

CVE-2015-0912 MEDIUM

EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
kozos easyctf *
CVE-2015-0913 LOW

Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
kozos easyctf *
CVE-2015-0914 MEDIUM

EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
kozos easyctf *