7043 matches found
CVE-2021-41152
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere o...
Design/Logic Flaw
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere o...
CVE-2021-41152
OpenOlat vulnerability CVE-2021-41152 is a path traversal issue in the folder component that allows an authenticated (or guest-enabled) user to manipulate the HTTP request and read files via a crafted download path. The attack can access files in web root or other locations, depending on server p...
Why Now Is the Time to Jump into Cybersecurity and Join Imperva
Throughout history, periods of disruption are followed by eras of progress and transformation. While we are living through an unprecedented time, I believe we are on the cusp of another chapter of innovation — and I expect cybersecurity will be at the center of it. Cybersecurity Awareness Month, ...
Security Bulletin: A vulnerability in Spring Framework affects IBM Watson Machine Learning Accelerator
Summary A vulnerability exists in Spring Framework version used by IBM Watson Machine Learning Accelerator. Spring framework upgrade to version 5.2.15 which resolves these vulnerabilities, is available on IBM Fix Central. Vulnerability Details CVEID: CVE-2021-22118 DESCRIPTION: VMware Tanzu Sprin...
penetrationLean
My penetration testing study notes...
CVE-2021-42336
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
CVE-2021-42333
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...
CVE-2021-42335
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...
Cross site scripting
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...
Design/Logic Flaw
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
CVE-2021-42336 Huachu Digital Technology Co.,Ltd. Easytest - Improper Authorization
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a user’s permission, remote attackers can access other users’ and administrator’s account information except password by crafting URL parameters...
CVE-2021-42335 Huachu Digital Technology Co.,Ltd. Easytest - Stored XSS
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack...
CVE-2021-42333 Huachu Digital Technology Co.,Ltd. Easytest - SQL Injection-1
The Easytest contains SQL injection vulnerabilities. After obtaining user’s privilege, remote attackers can inject SQL commands into the parameters of the learning history page to access all database and obtain administrator permissions...
Easytest SQL injection vulnerability
Easytest is an online learning quiz platform of China's Hua Ju Digital Technology, Inc. Easytest is vulnerable to SQL injection, which can be exploited by attackers to inject SQL commands into the parameters of the learning history page after gaining user privileges to access all databases and ga...
PT-2021-23579 · Easytest · Easytest
Name of the Vulnerable Software and Affected Versions: Easytest affected versions not specified Description: The learning history page of the Easytest is vulnerable to permission bypass. After obtaining a user's permission, remote attackers can access other users' and administrator's account...
Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass
Exploit Title: Online Learning System 2.0 - 'Multiple' SQLi Authentication Bypass Date: 11.10.2021 Exploit Author: Oguzhan Kara Vendor Homepage: https://www.sourcecodester.com/php/14929/online-learning-system-v2-using-php-free-source-code.html Software Link:...