204 matches found
Moodle Security Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. Moodle suffers from a security vulnerability that stems from an insufficient restriction that allows students to bypass sequential...
WordPress CLUEVO LMS, E-Learning Platform Plugin <= 1.10.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: CLUEVO LMS, E-Learning Platform; Type: Plugin; Vulnerable versions: <= 1.10.0; Fixed in: 1.11.0; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-40607; Patch priority: Low; CVSS severity: Low (4.3); PSID: 43e0be6be22c; Credits...
CVE-2023-40021
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-40021 Timing Attack Reveals CSRF Tokens in oppia
Oppia is an online learning platform. When comparing a received CSRF token against the expected token, Oppia uses the string equality operator ==, which is not safe against timing attacks. By repeatedly submitting invalid tokens, an attacker can brute-force the expected CSRF token character by...
CVE-2023-38964
Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting XSS vulnerability...
The vulnerability of the validate_path_is_safe() function in the machine learning lifecycle management platform allows an attacker to disclose sensitive information or execute arbitrary files.
The vulnerability of the validate_path_is_safe() function in the machine learning model lifecycle management platform exists due to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to disclose sensitive informatio...
Cross site scripting
A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and classified as problematic. This issue affects some unknown processing of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-233357 was...
CVE-2023-3563 GZ Scripts GZ E Learning Platform URL Parameter cross site scripting
A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and classified as problematic. This issue affects some unknown processing of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-233357 was...
CVE-2023-3563
The CVE-2023-3563 entry concerns GZ Scripts’ GZ E Learning Platform 1.8. The vulnerability affects the URL Parameter Handler component, caused by insecure/unknown processing that enables cross-site scripting (XSS) and can be exploited remotely. The available sources do not specify a fixed version...
PT-2023-25233 · Gz Scripts · Gz E Learning Platform
Name of the Vulnerable Software and Affected Versions: GZ Scripts GZ E Learning Platform version 1.8 Description: A problem was found in the processing of the component URL Parameter Handler, which can lead to cross site scripting. The issue can be exploited remotely. Recommendations: For GZ...
GZ E Learning Platform 1.8 Cross Site Scripting
CVE-2023-30620 Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using tarfile.extractall from a remotely retrieved tarball, which may lead to the writing of the extracted files to an unintended location. Sometimes, the...
CVE-2022-23522
CVE-2022-23522 concerns MindsDB, where unsafe extraction via shutil.unpack_archive() from remotely retrieved tarballs may write files outside the intended directory (TarSlip/ZipSlip variant). The underlying issue: destination paths are insufficiently validated during archive extraction, enabling cr...
The vulnerability of the ML lifecycle management platform, related to an incorrect restriction on the path name to the restricted-access directory, allows an attacker to gain unauthorized access to protected information, execute arbitrary code, or obtain full control over the system.
The vulnerability of the ML lifecycle management platform is related to an incorrect restriction on the path name to the restricted-access directory. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information, execute arbitrary code, or gain full contr...
CVE-2023-25676 TensorFlow has null dereference on ParallelConcat with XLA
TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.raw_ops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...
CVE-2022-35992 `CHECK` fail in `TensorListFromTensor` in TensorFlow
TensorFlow is an open source platform for machine learning. When TensorListFromTensor receives an element_shape of a rank greater than one, it gives a CHECK fail that can trigger a denial of service attack. We have patched the issue in GitHub commit 3db59a042a38f4338aa207922fa2f476e000a6ee. The fi...
Logic flaw vulnerability in the Beijing Century Super Star Information Technology Development Co., Ltd. "learning through the quality of engineering" platform
Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. A logic flaw vulnerability exists in the Beijing Century Super Star Information Technology Development Limited Liability Company...
DLS Path Traversal Vulnerability
DLS is a GUI-based deep learning platform open-sourced by SummaLabs. DLS version 0.1.0 and earlier have a security vulnerability that stems from an incorrect call to the Flask send_file function, which leads to absolute path traversal...
Creativeitem Academy-LMS Cross-Site Scripting Vulnerability
Creativeitem Academy-LMS is an online learning platform from Creativeitem, Inc. A cross-site scripting vulnerability exists in Creativeitem Academy-LMS v4.3, which stems from a lack of validation and filtering of user-supplied data and output in the SEO panel. An attacker could exploit this...