
7047 matches found

OSV
added 2022/05/13 1:34 a.m. | 1 view

GHSA-CCMR-QJ26-845G Improper Restriction of XML External Entity Reference in Elasticsearch

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager, then an attacker could send a specially crafted request capable of leaking content ...

5.9 CVSS | 5.8 AI score | 0.01383 EPSS
Exploits 0 | References 4
Github Security Blog
added 2022/05/13 1:34 a.m. | 29 views

Improper Restriction of XML External Entity Reference in Elasticsearch

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager, then an attacker could send a specially crafted request capable of leaking content ...

5.9 CVSS | 2.5 AI score | 0.01383 EPSS
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2022/05/13 1:32 a.m. | 27 views

Elasticsearch subject to cross site scripting

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has an ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive...

6.1 CVSS | 5.6 AI score | 0.00866 EPSS
Exploits 0 | References 4 | Affected Software 1
OSV
added 2022/05/13 1:32 a.m. | 2 views

GHSA-MJPC-QX7H-R8C9 Elasticsearch subject to cross site scripting

X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. If an attacker is able to inject data into an index that has an ML job running against it, then when another user views the results of the ML job it could allow the attacker to obtain sensitive...

6.1 CVSS | 6.5 AI score | 0.00866 EPSS
Exploits 0 | References 3
OSV
added 2022/05/10 7:15 p.m. | 3 views

CVE-2022-28986

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle (affected: 2021072900) has an insecure direct object reference (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts...

7.5 CVSS | 5.8 AI score | 0.02809 EPSS
Exploits 1 | References 3
Microsoft Secure
added 2022/05/10 4:00 p.m. | 14 views

Microsoft security experts outline next steps after compromise recovery

Who is CRSP? The Microsoft Compromise Recovery Security Practice (CRSP) is a worldwide team of cybersecurity experts operating in most countries, across both public and private organizations, with deep expertise to secure an environment post-security breach and to help you prevent a breach in the...

0.2 AI score
Exploits 0
CNNVD
added 2022/05/10 12:00 a.m. | 3 views

LMS Doctor 2 Factor Authentication for Moodle Security Vulnerability

LMS Doctor 2 Factor Authentication for Moodle is a Moodle plugin for secondary authentication from LMS Doctor. A security vulnerability exists in LMS Doctor 2 Factor Authentication for Moodle that stems from the presence of an insecure direct object reference (IDOR). A remote attacker could exploit...

7.5 CVSS | 7.4 AI score | 0.02809 EPSS
Exploits 1 | References 4
Malwarebytes
added 2022/04/25 1:34 p.m. | 11 views

Apple’s child safety features are coming to a Messages app near you

Apple will soon be rolling out its promised child safety features in the Messages app for users in Australia, Canada, New Zealand, and the UK. The announcement comes four months after the features' initial launch in the US on iOS, iPad, and macOS devices. To make communicating with Messages...

7 AI score
Exploits 0
CNVD
added 2022/04/21 12:00 a.m. | 23 views

formalms SQL Injection Vulnerability

formalms is a learning management system built around the specific needs of corporate training. formalms versions prior to v.1.4.3 contain a SQL injection vulnerability that stems from the application's lack of validation of externally entered SQL statements. An attacker could exploit this...

7.5 CVSS | 9.6 AI score | 0.01176 EPSS
Exploits 0 | Affected Software 1
OSV
added 2022/04/19 5:15 p.m. | 3 views

CVE-2022-27104

An unauthenticated time-based blind SQL injection vulnerability exists in Forma LMS prior to v.1.4.3...

9.8 CVSS | 7.3 AI score
Exploits 0 | References 3
CNNVD
added 2022/04/19 12:00 a.m. | 5 views

Desire2Learn Learning Management System Security Vulnerability

An access control error vulnerability exists in Desire2Learn Learning Management System, a learning management system from Desire2Learn Canada, due to improper access controls. A remote attacker could disable the "Disable Right Click Control"...

6.5 CVSS | 5.7 AI score | 0.0166 EPSS
Exploits 1 | References 4
CNVD
added 2022/04/19 12:00 a.m. | 21 views

Moodle Access Control Error Vulnerability (CNVD-2022-54953)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. An access control error vulnerability exists in Moodle, which stems from the calendar:manageentries feature allowing managers to acces...

5.5 CVSS | 3.9 AI score | 0.00572 EPSS
Exploits 0 | References 1
CNVD
added 2022/04/16 12:00 a.m. | 10 views

Chamilo LMS SQL Injection Vulnerability (CNVD-2022-33807)

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training and online question answering, etc. Chamilo LMS v1.11.13 is vulnerable to SQL injection, and no detailed vulnerability...

9.8 CVSS | 2.1 AI score | 0.00927 EPSS
Exploits 0 | References 1
CNVD
added 2022/04/16 12:00 a.m. | 23 views

Chamilo LMS has an unspecified vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS v1.11.13 has a security vulnerability that could be exploited by an attacker ...

7.2 CVSS | 3.2 AI score | 0.00895 EPSS
Exploits 0 | References 1
CNVD
added 2022/04/16 12:00 a.m. | 14 views

Chamilo LMS Cross-Site Scripting Vulnerability (CNVD-2022-33808)

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS v1.11.13 has a cross-site scripting vulnerability, and no detailed...

6.1 CVSS | 1.6 AI score | 0.00557 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2022/04/15 8:15 p.m. | 3 views

CVE-2022-27422

A reflected cross-site scripting (XSS) vulnerability in Chamilo LMS v1.11.13 allows attackers to execute arbitrary web scripts or HTML via user interaction with a crafted URL...

6.1 CVSS | 6 AI score | 0.00557 EPSS
Exploits 0 | References 2
ATTACKERKB
added 2022/04/15 8:15 p.m. | 3 views

CVE-2022-27425

Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php...

6.1 CVSS | 5.8 AI score | 0.00557 EPSS
Exploits 0 | References 2
CNNVD
added 2022/04/15 12:00 a.m. | 3 views

Chamilo LMS Cross-Site Scripting Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS v1.11.13 contains a cross-site scripting vulnerability that could be exploite...

6.1 CVSS | 5.6 AI score | 0.00557 EPSS
Exploits 0 | References 2
CNNVD
added 2022/04/15 12:00 a.m. | 2 views

Chamilo LMS Input Validation Error Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering. Chamilo LMS v1.11.13 has a security vulnerability that could be exploited by an attacker ...

7.2 CVSS | 5.7 AI score | 0.00895 EPSS
Exploits 0 | References 2
CNNVD
added 2022/04/15 12:00 a.m. | 5 views

Chamilo LMS Code Issue Vulnerability

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association that supports the creation of instructional content, remote training, and online question answering. The system supports the creation of instructional content, remote training and online question...

8.8 CVSS | 6 AI score | 0.00771 EPSS
Exploits 0 | References 2