Interact E-Learning System 2.4.1 (help.php) LFI Vulnerabilities

Exploit for unknown platform in category web applications =============================================================== Interact E-Learning System 2.4.1 help.php LFI Vulnerabilities =============================================================== Application: Interact E-Learning System Versions...

Interact E-Learning System 2.4.1 (help.php) LFI Vulnerabilities

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor response:...

DSEGRG-08-31.txt

Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor response: 04.07.2008 Solution: YES Date of Publi...

Interact 2.4.1 - help.php Local File Inclusion

Interact 2.4.1 - help.php Local File Inclusion Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor...

Interact 2.4.1 - 'help.php' Local File Inclusion

Digital Security Research Group DSecRG Advisory DSECRG-08-31 Application: Interact E-Learning System Versions Affected: 2.4.1 Vendor URL: http://sourceforge.net/projects/cce-interact Bug: Local File Include Exploits: YES Reported: 03.07.2008 Vendor response: 04.07.2008 Solution: YES Date of Publi...

[DSECRG-08-029] Local File Include in Dokeos E-Learning System 1.8.5

Digital Security Research Group DSecRG Advisory DSECRG-08-029 Application: Dokeos E-Learning System Versions Affected: 1.8.5 Vendor URL: http://dokeos.com/ Bug: Local File Include Exploits: YES Reported: 01.07.2008 Vendor response: 05.07.2008 Solution: YES Date of Public Advisory: 17.07.2008...

DSECRG-08-029.txt

Digital Security Research Group DSecRG Advisory DSECRG-08-029 Application: Dokeos E-Learning System Versions Affected: 1.8.5 Vendor URL: http://dokeos.com/ Bug: Local File Include Exploits: YES Reported: 01.07.2008 Vendor response: 05.07.2008 Solution: YES Date of Public Advisory: 17.07.2008...

[SECURITY] Fedora 8 Update: moodle-1.8.5-1.fc8

Moodle is a course management system CMS - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities...

Unfixed XSS vulnerability at www.smelearning.org.tw

Security researcher PD, has submitted on 06/04/2008 a cross-site-scripting XSS vulnerability affecting www.smelearning.org.tw, which at the time of submission ranked 310330 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 06/04/2008. It is...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 CONFIGLANGUAGECPATH parameter to modules/forum/embedforum.php and the 2...

CVE-2008-2220

Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 CONFIGLANGUAGECPATH parameter to modules/forum/embedforum.php and the 2...

CVE-2008-2220

Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the 1 CONFIGLANGUAGECPATH parameter to modules/forum/embedforum.php and the 2...

VideoLAN VLC Media Player 0.8.6d - httpd_FileCallBack Remote Format String

VideoLAN VLC Media Player 0.8.6d - httpdFileCallBack Remote Format String / Epibite // bite since 1442 pown meme ta mamie / / Advisory from Luigi Auriemma CVE-2007-6682 / format string in VideoLAN VLC 0.8.6d Description : Format string vulnerability in the httpdFileCallBack function network/httpd...

Unfixed XSS vulnerability at tutoring.sylvanlearning.com

Security researcher Kaospunk, has submitted on 26/03/2008 a cross-site-scripting XSS vulnerability affecting tutoring.sylvanlearning.com, which at the time of submission ranked 100009 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 26/03/2008. ...

DSECRG-08-015.txt

Digital Security Research Group DSecRG Advisory DSECRG-08-015 Application: Dokeos E-Learning System Versions Affected: 1.8.4 Vendor URL: http://dokeos.com Bugs: Multiple SQL Injections,Multiple Blind SQL Injections,Multiple XSS, etc. Exploits: YES Reported: 25.01.2008 Vendor response: 28.01.2008...

[DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4

Digital Security Research Group DSecRG Advisory DSECRG-08-015 Application: Dokeos E-Learning System Versions Affected: 1.8.4 Vendor URL: http://dokeos.com Bugs: Multiple SQL Injections,Multiple Blind SQL Injections,Multiple XSS, etc. Exploits: YES Reported: 25.01.2008 Vendor response: 28.01.2008...

atutor155-xss.txt

====================================================================== ATutor Impact: Cross Site Scripting Status: patch available ------------------------------ Affected software description: ------------------------------ Application: ATutor Version: = 1.5.5 Vendor: http://www.atutor.ca...

Dokeos main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection

The remote host is running Dokeos, an open source, e-learning and course management web application written in PHP. The version of Dokeos installed on the remote host fails to sanitize user input to the 'Referer' request header before using it in the 'main/inc/lib/events.lib.inc.php' script to...

Unfixed XSS vulnerability at www.creativelearningpress.com

Security researcher skathgh420, has submitted on 02/07/2008 a cross-site-scripting XSS vulnerability affecting www.creativelearningpress.com, which at the time of submission ranked 10704379 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on...

efront-312-xss.txt

fuzion / // /\ / / : //\ /| : : .. / \ | | :: :: \ / | | :| || \ / | | || || |\ / | | || || | / | \ | || || | / /\ \ | || || | / / \ -/ -/ | |// \ --/ \ / / / / \ / \/ Product: efront e-learning LMS 3.1.2 http://www.efrontlearning.net/ Vulnerable: http://site/index.php?message=xss...