71 matches found
CVE-2020-24381
GUnet Open eClass Platform (openeclass) prior to 3.11 is vulnerable to reading submitted assessments due to directory listing not being blocked and the data directory being inside the web root. This could allow remote attackers to access student submissions. The affected product/version is public...
CVE-2020-24381
GUnet Open eClass Platform aka openeclass before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default...
GUnet OpenEclass 1.7.3 E-learning platform - (month) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection
Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2020-03-02 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...
GUnet OpenEclass 1.7.3 E-learning platform - month SQL Injection
GUnet OpenEclass 1.7.3 E-learning platform - month SQL Injection Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2020-03-02 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
GUnet OpenEclass E-learning platform 1.7.3 - uname SQL Injection
GUnet OpenEclass E-learning platform 1.7.3 - uname SQL Injection Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...
GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection
Exploit Title: GUnet OpenEclass E-learning platform 1.7.3 - 'uname' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Date: 2019-11-03 Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link: http://download.openeclass.org/files/1.7/eclass-1.7.3.tar.gz Version:...
CVE-2017-7389
Multiple Cross-Site Scripting XSS were discovered in 'openeclass Release3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data meetingid, user passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script...
CVE-2017-7389
Multiple Cross-Site Scripting XSS were discovered in 'openeclass Release3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data meetingid, user passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script...
CVE-2017-7389
CVE-2017-7389 affects Open eClass Release_3.5.4. The vulnerability is a Cross-Site Scripting (XSS) due to insufficient filtering of user-supplied data (meeting_id, user) passed to the openeclass-master/modules/tc/webconf/webconf.php URL. An attacker could cause the browser to execute arbitrary HT...
CVE-2017-7389
Multiple Cross-Site Scripting XSS were discovered in 'openeclass Release3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data meetingid, user passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script...