Chamilo LMS 跨站脚本漏洞

Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, remote training, and online question answering, etc. A cross-site scripting vulnerability exists in Chamilo LMS, which stems from a...

e-learning-chodel.eurzad.eu Cross Site Scripting vulnerability OBB-2288268

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

It’s a Wrap! QSC 2021 Las Vegas Laid Out Problems, Solutions and Innovation

Although organizations have made moves toward it for years, digital transformation, in a way, has only just begun. The pandemic may have accelerated migration to the cloud but going forward business will drive continued transformation—and innovation. But to get the most out of the investments in...

Google TensorFlow Buffer Overflow Vulnerability (CNVD-2022-09872)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause uninitialized variable access...

Google TensorFlow code issue vulnerability (CNVD-2022-09869)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow has a code issue vulnerability that can be exploited by an attacker to cause the program to crash...

Google TensorFlow Input Validation Error Vulnerability (CNVD-2022-09873)

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. Google TensorFlow suffers from an input validation error vulnerability that can be exploited by an attacker to call tf.image.resize with a large input parameter, then the TensorFlow process will...

CVE-2021-43775

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

Path traversal

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash ../� sequences and its variations or by using absolute file paths, it may ...

PYSEC-2021-839

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash ../� sequences and its variations or by using absolute file paths, it may ...

CVE-2021-43775

CVE-2021-43775 affects the Aim open‑source, self‑hosted machine learning experiment tracker. Public records describe a path traversal vulnerability in versions prior to 3.1.0, exploitable by manipulating references to files using dot-dot-slash sequences or absolute paths to access arbitrary files...

CVE-2021-43775 Arbitrary file reading vulnerability in Aim

Aim is an open-source, self-hosted machine learning experiment tracking tool. Versions of Aim prior to 3.1.0 are vulnerable to a path traversal attack. By manipulating variables that reference files with “dot-dot-slash ../” sequences and its variations or by using absolute file paths, it may be...

Moodle < 3.9.11, 3.10.x < 3.10.8, 3.11.x < 3.11.4 Multiple Vulnerabilities

Moodle is prone to multiple vulnerabilities. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Sourcecodester Online Learning System SQL Injection Vulnerability

Sourcecodester Online Learning System is an online e-learning system based on PHP and MySQL. sourcecodester Online Learning System has a SQL injection vulnerability in v2.0, which stems from the application's lack of validation of external input SQL statements. An attacker can use this...

Microsoft named a Leader in IDC MarketScape for Modern Endpoint Security for Enterprise and Small and Midsize Businesses

The security stakes have never been higher and, consequently, the protection of endpoints as a key component of any extended detection and response XDR strategy has never been more critical—for organizations of all sizes. Microsoft is thrilled to be recognized as a Leader in IDC’s MarketScape...

Moodle permission permission and access control issue vulnerability (CNVD-2021-93378)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. moodle has a permission permission and access control issue vulnerability that stems from insufficient detection of functionality in t...

Moodle Input Validation Error Vulnerability (CNVD-2021-92540)

Moodle is a free, open source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment. a security vulnerability exists in Moodle, which stems from a problem when the software restores backup files. an attacker could...

Moodle Cross-Site Request Forgery Vulnerability (CNVD-2021-92541)

Moodle is a free and open source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. This could lead to cross-site request forgery attacks. No details of the vulnerability are currently available...

Researchers Demonstrate New Way to Detect MitM Phishing Kits in the Wild

No fewer than 1,220 Man-in-the-Middle MitM phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users' credentials and carrying out further follow-on attacks. The findings come from a ne...

Online Learning System 2.0 - Remote Code Execution Exploit

Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux / Windows 10 CVE...

Online Learning System 2.0 Remote Code Execution

Exploit Title: Online Learning System 2.0 - Remote Code Execution RCE Date: 15/11/2021 Exploit Author: djebbaranon Vendor Homepage: https://github.com/oretnom23 Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/elearningv20.zip Version: 2.0 Tested on: Kali linux...