40 matches found
EUVD-2008-1795
Malware in sbrugna...
EUVD-2008-3407
Malware in sbrugna...
EUVD-2005-4333
Malware in sbrugna...
EUVD-2008-1883
Malware in sbrugna...
EUVD-2006-3908
Malware in sbrugna...
CVE-2005-4339
Cross-site scripting XSS vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the...
Blackboard Academic Suite 6.2.3.23 Frameset.JSP Cross-Domain Frameset Loading Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15814/info Blackboard Academic Suite is prone to a cross-domain frameset-loading vulnerability. Successful exploitation may result in various attacks, such as information disclosure and session hijacking. An attacker may...
Blackboard Academic Suite 6/7 - bin/common/announcement.pl data__announcements___pk1_pk2__subject Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/28455/info Blackboard Academic Suite is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
CVE-2008-3421
Multiple cross-site request forgery CSRF vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to 1 updatemodule.jsp, 2 enrollcourse.pl, and 3...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to 1 updatemodule.jsp, 2 enrollcourse.pl, and 3...
CVE-2008-3421
Multiple cross-site request forgery CSRF vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to 1 updatemodule.jsp, 2 enrollcourse.pl, and 3...
CVE-2008-3421
CVE-2008-3421 describes multiple CSRF vulnerabilities in Blackboard Academic Suite 8.0.260.7 that allow remote attackers to hijack student-authenticated sessions to change configuration and enrollments via input to update_module.jsp, enroll_course.pl, and unenroll.jsp. The impact is unauthorized ...
PT-2008-4824 · Blackboard · Blackboard Academic Suite
Name of the Vulnerable Software and Affected Versions: Blackboard Academic Suite version 8.0.260.7 Description: The issue affects the authentication of student users, allowing remote attackers to hijack it for requests that change configuration and enrollments. This is achieved through unspecifie...
CVE-2008-1883
Blackboard Academic Suite 7.x stores MD5 password hashes provided directly by clients, enabling remote attackers to access accounts by sending an arbitrary MD5 string instead of the client-side hashed value. The server accepts client-provided hashes without validating the JavaScript/MD5 step. Aff...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via 1 the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or 2 the...
CVE-2008-1795
Multiple cross-site scripting XSS vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via 1 the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or 2 the...
CVE-2008-1795
Multiple cross-site scripting XSS vulnerabilities in Blackboard Academic Suite 7.x and earlier, and possibly some 8.0 versions, allow remote attackers to inject arbitrary web script or HTML via 1 the searchText parameter in a Course action to webapps/blackboard/execute/viewCatalog or 2 the...
CVE-2008-1795
CVE-2008-1795 covers multiple XSS vulnerabilities in Blackboard Academic Suite (7.x and earlier; possibly some 8.0). The flaws allow remote attackers to inject arbitrary script/HTML via two inputs: (1) searchText in a Course action to webapps/blackboard/execute/viewCatalog, and (2) data__announce...
BlackBoard Academic Suite 67 - bincommonannouncement.pl?data__announcements___pk1_pk2__subject Cross-Site Scripting
BlackBoard Academic Suite 67 - bincommonannouncement.pl?dataannouncementspk1pk2subject Cross-Site Scripting source: https://www.securityfocus.com/bid/28455/info Blackboard Academic Suite is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize...
BlackBoard Academic Suite 6/7 - '/bin/common/announcement.pl?data__announcements___pk1_pk2__subject' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28455/info Blackboard Academic Suite is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of...