18 matches found
EUVD-2012-5372
Malware in sbrugna...
EUVD-2012-5090
Malware in sbrugna...
EUVD-2012-5092
Malware in sbrugna...
EUVD-2012-5091
Malware in sbrugna...
Atutor AContent Local File Inclusion Vulnerability
Atutor AContent is prone to local file inclusion vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2012-5169
Multiple cross-site scripting XSS vulnerabilities in filemanager/previewtop.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the 1 pathext, 2 popup, 3 framed, or 4 file parameter...
CVE-2012-5453
SQL injection vulnerability in user/indexinlineeditorsubmit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167...
CVE-2012-5454
user/indexinlineeditorsubmit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168...
CVE-2012-5167
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the 1 field parameter to coursecategory/indexinlineeditorsubmit.php or 2 user/indexinlineeditorsubmit.php; or 3 id parameter to user/userpassword.php...
Sql injection
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the 1 field parameter to coursecategory/indexinlineeditorsubmit.php or 2 user/indexinlineeditorsubmit.php; or 3 id parameter to user/userpassword.php...
Design/Logic Flaw
user/indexinlineeditorsubmit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE: this might be due to an incomplete fix for CVE-2012-5168...
CVE-2012-5169
Multiple cross-site scripting XSS vulnerabilities in filemanager/previewtop.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the 1 pathext, 2 popup, 3 framed, or 4 file parameter...
CVE-2012-5453
SQL injection vulnerability in user/indexinlineeditorsubmit.php in ATutor AContent 1.2-1 allows remote authenticated users to execute arbitrary SQL commands via the field parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-5167...
CVE-2012-5453
CVE-2012-5453 details a SQL injection in ATutor AContent 1.2-1 via the field parameter in user/index_inline_editor_submit.php. It is tied to an incomplete fix for CVE-2012-5167 and allows remote authenticated users to execute arbitrary SQL commands. NVD lists a base score of 6.5 (MEDIUM). Connect...
CVE-2012-5168
ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to 1 user/indexinlineeditorsubmit.php or 2 coursecategory/indexinlineeditorsubmit.php...
CVE-2012-5169
CVE-2012-5169 affects ATutor AContent (ATutor) prior to/including 1.2-2, specifically the file_manager/preview_top.php XSS via GET parameters pathext, popup, framed, or file. The flaw stems from improper sanitisation of user-controlled input returned to the browser, enabling arbitrary script exec...
CVE-2012-5167
ATutor AContent before 1.2-1 contains multiple SQL injection vulnerabilities. An attacker can trigger SQL commands via (1) course_category/index_inline_editor_submit.php field parameter, (2) user/index_inline_editor_submit.php field parameter, or (3) user/user_password.php id parameter. Root caus...
Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
This host is running Atutor AContent and is prone to multiple cross site scripting and SQL injection vulnerabilities. OpenVAS Vulnerability Test $Id: gbatutoracontentmultsqlinjnxssvuln.nasl 7015 2017-08-28 11:51:24Z teissa $ Atutor AContent Multiple SQL Injection and XSS Vulnerabilities Authors:...