8 matches found
ATutor 1.5.1 Chat Logs Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14832/info ATutor is prone to a remote information disclosure vulnerability. This issue is due to a failure in the application to perform proper access validation before granting access to privileged information. A remote...
ATutor 1.5.1 Password_Reminder.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14831/info ATutor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resul...
CVE-2005-4155
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treat...
CVE-2005-2955
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others...
atutor-151.txt
ATUTOR 1.5.1 possibly prior versions SQL INJECTION / ADMIN & USERS CREDENTIALS DISCLOSURE / INFORMATION DISCLOSURE / USER IMPERSONATION / REMOTE CODE EXECUTION software: site: http://www.atutor.ca/ description: "ATutor is an Open Source Web-based Learning Content Management System LCMS designed...
ATutor 1.5.1 - 'password_reminder.php' SQL Injection
source: https://www.securityfocus.com/bid/14831/info ATutor is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
CVE-2005-2649
CVE-2005-2649 describes a cross-site scripting (XSS) vulnerability in ATutor 1.5.1 that allows remote attackers to inject arbitrary script or HTML via the parameters course in login.php or words in search.php. The CVE is cited with a base score of 4.3 (Medium) on the NVD entry, and multiple conne...
ATutor-1.5.1 SQL injection and XSS bugs
TITLE: ATutor-1.5.1 SQL injection and XSS bugs Severity: Medium or even critical SOFTWARE: ATutor-1.5.1 http://www.atutor.ca/ DESCRIPTION: ATutor-1.5.1 is a web-based education portal. The system is vulnerable to SQL injection and XSS attacks: SQL injection: http://localhost/tour/passwordreminder.php...