Lucene search
K

4 matches found

NVD
NVD
added 2006/04/03 10:4 a.m.13 views

CVE-2006-1595

Cross-site scripting XSS vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command...

4.3CVSS5.9AI score0.05344EPSS
Exploits1References9
CVE
CVE
added 2006/04/03 10:0 a.m.57 views

CVE-2006-1596

CVE-2006-1596 is a PHP remote file inclusion vulnerability affecting Claroline 1.7.4 and earlier. The issue resides in learnPath/include/scormExport.inc.php where the includePath parameter can be manipulated to cause the application to include arbitrary PHP files, enabling remote code execution. ...

7.5CVSS7.6AI score0.02194EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2006/04/03 10:0 a.m.18 views

CVE-2006-1594

Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." dot dot sequences to 1 read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or 2 execute arbitrary code via the includePa...

7.7AI score0.04945EPSS
Exploits1References6
Exploit DB
Exploit DB
added 2006/03/30 12:0 a.m.42 views

Claroline 1.7.4 - 'scormExport.inc.php' Remote Code Execution

!/usr/bin/php -q -d shortopentag=on works with registerglobals = On & allowurlfopen = On\r\n\r\n"; echo "dork: "Powered by Claroline" -demo\r\n\r\n"; if $argc5 echo "Usage: php ".$argv0." host path location OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to...

7.4AI score
Exploits0
Rows per page
Query Builder