Improper access control
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application...
Information disclosure
aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor...
CVE-2022-28740
aEnrich eHRD Learning Management Key Performance Indicator System 5+ exposes Sensitive Information to an Unauthorized Actor...
CVE-2022-28740
The CVE-2022-28740 entry concerns the aEnrich eHRD Learning Management Key Performance Indicator System (version 5+). Affected component/product: aEnrich eHRD LMS KPI System. Impact: exposure of sensitive information to an unauthorized actor. Exploitation details, affected versions beyond 5+, and...
CVE-2022-28742
CVE-2022-28742 affects aEnrich eHRD Learning Management Key Performance Indicator System (version 5+). The vulnerability is improper access control: the web application does not validate user sessions on many pages, allowing an unauthenticated attacker to access sensitive functionality. Impact de...
CVE-2022-28742
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application...
aEnrich eHRD Learning Management Key Performance Indicator System 5.x security vulnerability
aEnrich eHRD Learning Management Key Performance Indicator System 5+ is a web-based Learning Management System (LMS) from aEnrich Corporation in China. A security vulnerability exists in the aEnrich eHRD Learning Management Key Performance Indicator System version 5.x, which originates from exposin...
PT-2022-19202 · Unknown · Aenrich A+Hrd 5.X Learning Management Key Performance Indicator System
Name of the Vulnerable Software and Affected Versions: aEnrich a+HRD 5.x Learning Management Key Performance Indicator System version 5.x Description: The issue is related to a local file inclusion (LFI) vulnerability due to missing input validation. Recommendations: For version 5.x, update to a...
PT-2022-19203 · Unknown · Aenrich Ehrd Learning Management Key Performance Indicator System
Name of the Vulnerable Software and Affected Versions: aEnrich eHRD Learning Management Key Performance Indicator System version 5+ Description: The issue concerns improper access control in the web application, where it fails to validate user sessions when accessing various application pages. Th...
aEnrich eHRD Learning Management Key Performance Indicator System security vulnerability
The aEnrich eHRD Learning Management Key Performance Indicator System 5+ is a web-based Learning Management System (LMS) from aEnrich Corporation in China. A security vulnerability exists in the aEnrich eHRD Learning Management Key Performance Indicator System version 5.x. The vulnerability stems...
3 Ways to Improve Data Protection in the Cloud
Cloud complexity is now a well-documented and widely felt phenomenon across technology teams — IT, development, and security alike. Multi-cloud architectures have become the norm, with 89% of organizations embracing a strategy that involves multiple cloud vendors. Not only are companies managing...
5 Things Rapid7 Looks for in a BDR, and How We Spot Them
Every successful organization has a great salesforce. At Rapid7, the Business Development Representative (BDR) Program is a huge source of talent for our sales organization. Some of our most successful salespeople come from the program. So, what is it? The BDR Program at Rapid7 is an entry-level...
NVIDIA NVFLARE code issue vulnerability
NVIDIA NVFLARE is a standalone Python library from NVIDIA, Inc. Designed to support federated learning between parties using their local secure protected data for client-side training, it also includes functionality for coordinating and exchanging the progress of results across all sites to achieve...
Claroline cross-site scripting vulnerability
Claroline is an open source learning management system from Claroline Open Source. A security vulnerability exists in Claroline version 13.5.7 and earlier versions. An attacker exploited the vulnerability to elevate privileges by arbitrarily creating privileged users...
Beijing Century Superstar Information Technology Development Co., Ltd.'s Learning Pass suffers from a stored XSS vulnerability
LearningTone is a course learning, knowledge dissemination and management sharing platform built on a microservice architecture. There is a stored XSS vulnerability in Beijing Century Super Star Information Technology Development Limited Liability Company's Learning Pass, which can be exploited b...
Cybersecurity Analysts: Job Stress Is Bad, but Boredom Is Kryptonite
Years ago, “airline pilot” used to be a high-stress profession. Imagine being in personal control of equipment worth millions hurtling through the sky on an irregular schedule with the lives of all the passengers in your hands. But today on any given flight, autopilot is engaged almost 90% of the...
Enable Security Teams to Leverage Machine Learning Technologies
As on-premises and cloud-hosted data repositories get larger, they are outstripping the ability of traditional data-crunching methods to efficiently analyze the information. As a result, more enterprises have turned to data science and machine learning platforms to create business value. The...
WordPress Plugin The School Management – Education & Learning Management SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin The School Management - Education &...
The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT Production Suite, the system diagnostic tool SIMOCODE ES, the software for parameterizing, diagnosing, and documenting the startup process of SIRIUS Soft Starter ES, the web-based systems for managing technological processes like SIMATIC PCS neo, the Opcenter RD&L software platform, and the software for analyzing equipment efficiency and key indicators like SIMATIC IT LMS. These vulnerabilities arise from the absence of quotation marks in the wording of elements or search methods, which allows attackers to exploit them to gain elevated privileges to the root level.
The vulnerabilities of the microprogramming software for Siemens STEP 7 programmable logic controllers, the systems for managing production processes such as Opcenter Execution Discrete, Opcenter Execution Process, Opcenter Execution Foundation, Opcenter Intelligence, Opcenter Quality, SIMATIC IT...
Simple E-Learning System Arbitrary File Download Vulnerability
Simple E-Learning System is a simple e-learning system by individual developer Carlo Montero. Simple E-Learning System is vulnerable to an arbitrary file download vulnerability, which stems from a lack of validation of external input data in the download parameter of downloadFiles.php. A...