4 matches found
CVE-2006-1595
Cross-site scripting XSS vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command...
CVE-2006-1596
CVE-2006-1596 is a PHP remote file inclusion vulnerability affecting Claroline 1.7.4 and earlier. The issue resides in learnPath/include/scormExport.inc.php where the includePath parameter can be manipulated to cause the application to include arbitrary PHP files, enabling remote code execution. ...
CVE-2006-1594
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." dot dot sequences to 1 read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or 2 execute arbitrary code via the includePa...
Claroline 1.7.4 - 'scormExport.inc.php' Remote Code Execution
!/usr/bin/php -q -d shortopentag=on works with registerglobals = On & allowurlfopen = On\r\n\r\n"; echo "dork: "Powered by Claroline" -demo\r\n\r\n"; if $argc5 echo "Usage: php ".$argv0." host path location OPTIONS\r\n"; echo "host: target server ip/hostname\r\n"; echo "path: path to...