21 matches found
EUVD-2015-6461
Malware in sbrugna...
ATutor LMS 2.2.4 Weak Password Reset Hash
Exploit Title: ATutor LMS 2.2.4 - Weak Password Reset Hash Date: 2020-05-05 Exploit Author: Hodorsec Version: 2.2.4 Software Link: https://atutor.github.io/atutor/downloads.html Vendor Homepage: https://atutor.github.io Tested on: Debian 10 x64 - PHP 7.3.15-3 Problem: While the original intention...
ATutor LMS Cross-Site Scripting Vulnerability
ATutor LMS is an open source web-based learning management system (LCMS). The system provides course settings, textbook package downloads, multiple reading options, and other features. A cross-site scripting vulnerability exists in ATutor LMS version 2.2. A remote attacker can exploit this...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2...
CVE-2015-6521
Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2...
CVE-2015-6521
ATutor LMS version 2.2 is affected by multiple cross-site scripting (XSS) vulnerabilities. The CNVD entry states a cross-site scripting flaw exists in ATutor LMS 2.2, allowing a remote attacker to inject arbitrary web script or HTML. The NVD entry corroborates XSS in ATutor LMS 2.2 with CVSS v3 b...
SRC-2016-0018 : ATutor LMS view_transcript File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0017 : ATutor LMS view_item File Disclosure Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability may allow remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0015 : ATutor LMS write_temp_file File Write Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0013 : ATutor LMS ims_import Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0011 : ATutor LMS import_test Directory Traversal Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
ATutor LMS - '/install_modules.php' Cross-Site Request Forgery / Remote Code Execution
/ exp.js ATutor LMS " in it - You will need to set the Access-Control-Allow-Origin header to allow the target to pull zips - Use this with your favorite XSS attack - Student proof, aka bullet proof Timeline: 23/02/2016 - notified vendor via infoatatutordotca 24/02/2016 - requested CVE and assigne...
ATutor LMS 2.2.1 CSRF Remote Code Execution
/ exp.js ATutor LMS " in it - You will need to set the Access-Control-Allow-Origin header to allow the target to pull zips - Use this with your favorite XSS attack - Student proof, aka bullet proof Timeline: 23/02/2016 - notified vendor via infoatatutordotca 24/02/2016 - requested CVE and assigne...
ATutor LMS - install_modules.php Cross-Site Request Forgery / Remote Code Execution
Exploit for php platform in category web applications / exp.js ATutor LMS " in it - You will need to set the Access-Control-Allow-Origin header to allow the target to pull zips - Use this with your favorite XSS attack - Student proof, aka bullet proof Timeline: 23/02/2016 - notified vendor via...
ATutor LMS - install_modules.php Cross-Site Request Forgery Remote Code Execution
ATutor LMS - install_modules.php Cross-Site Request Forgery Remote Code Execution / exp.js ATutor LMS " in it - You will need to set the Access-Control-Allow-Origin header to allow the target to pull zips - Use this with your favorite XSS attack - Student proof, aka bullet proof Timeline: 23/02/20...
SRC-2016-0007 : ATutor LMS searchFriends SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is not required to exploit this vulnerability. The specific flaw exists in the searchFriends function within the ‘friends.inc.php’ script. An attacker...
SRC-2016-0006 : ATutor LMS updateAdditionalInformation SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0004 : ATutor LMS SocialGroups search SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...
SRC-2016-0012 : ATutor LMS confirm ‘UPDATE’ Type Juggling Authentication Bypass Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to bypass the authentication mechanism on vulnerable installations of ATutor. The specific flaw exists in the ‘confirm.php’ script when updating a member's email address. The code uses a loose comparison when comparing the supplied...
SRC-2016-0005 : ATutor LMS searchMembers SQL Injection Remote Code Execution Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ATutor. Authentication is required to exploit this vulnerability; however, authentication bypass vulnerabilities are known and remote registration is open by default. The...