EUVD-2006-4296

Malware in sbrugna...

EUVD-2007-5207

Malware in sbrugna...

CVE-2005-4341

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank categoryid parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this...

Blackboard Learning System 6.0 Dropbox File Download Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. The application does not verify that th...

Blackboard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/10101/info Blackboard Learning System has been reported prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly validate user supplied URI input. The first...

Blackboard Learning System <= 8.0 SP6 Unspecified XSS

According to its version number, the Blackboard Learning System, now known as Blackboard Learn, install hosted on the remote web server is affected by an unspecified cross-site scripting vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the 1 subjectt and 2 bodytext parameters. NOTE: vector 2...

CVE-2007-5227

Multiple cross-site scripting XSS vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the 1 subjectt and 2 bodytext parameters. NOTE: vector 2...

CVE-2007-5227

Affected software: Blackboard Learning System 6.3.1.593 and earlier Blackboard Academic Suite. Vulnerability: cross-site scripting in messaging/course/composeMessage.jsp; exploitable via the subject_t and body_text parameters (vector 2 bypasses a client-side filter). Impact: allows remote attacke...

CVE-2006-4308

CVE-2006-4308 describes multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4. The issue allows remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscr...

CVE-2005-4338

The CVE-2005-4338 entry affects Blackboard Learning and Community Portal System (Academic Suite) versions 6.3.1.424, 6.2.3.23, and earlier 6.x. The vulnerability, as described in multiple feeds, allows remote attackers to gain administrator privileges by setting the context parameter to "admin". ...

CVE-2005-4206

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to...

CVE-2005-4206

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to...

blackboardLS.txt

Advisory: Blackboard Learning System - Stealing documents out of the digital dropbox ========================================================================== Blackboard ---------- The Blackboard Learning System is a Web-based server software platform that offers course management. More...

Blackboard Learning System - Stealing documents out of the digital dropbox

Advisory: Blackboard Learning System - Stealing documents out of the digital dropbox ========================================================================== Blackboard ---------- The Blackboard Learning System is a Web-based server software platform that offers course management. More...

BlackBoard Learning System 6.0 - Dropbox File Download

BlackBoard Learning System 6.0 - Dropbox File Download source: https://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. The application do...

BlackBoard Learning System 6.0 - Dropbox File Download

source: https://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. The application does not verify that the files requested for download are...

BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/10101/info Blackboard Learning System has been reported prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly validate user supplied URI input. The first issue is reported to affect the...

Blackboard 5.x Password Retrieval

-- Overview Through the exploitation of a SQL injection vulnerability it is possible for an unauthenticated user to query the Blackboard user directory and: - Enumerate users with a given password. - Extract the MD5 password of any given user. Blackboard Learning System 5.x, level 1 and 2 are...