30 matches found
EUVD-2013-3538
Malware in sbrugna...
EUVD-2013-5543
Malware in sbrugna...
EUVD-2013-3533
Malware in sbrugna...
CVE-2013-5708
Coursemill Learning Management System LMS 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...
CVE-2013-3603
Cross-site scripting XSS vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...
CVE-2013-3602
SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System LMS 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter...
CVE-2013-3601
Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...
CVE-2013-5707
Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.8 allow remote attackers to inject arbitrary web script or HTML via crafted input containing a %22 sequence, a different issue than CVE-2013-3604...
CVE-2013-5706
Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and 1 crafted event attributes or 2 greater than characters that are optional within a browser's...
CVE-2013-3600
Coursemill Learning Management System LMS 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions...
Design/Logic Flaw
userlogin.jsp in Coursemill Learning Management System LMS 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html...
Sql injection
SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System LMS 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and 1 crafted event attributes or 2 greater than characters that are optional within a browser's...
Design/Logic Flaw
Coursemill Learning Management System LMS 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.8 allow remote attackers to inject arbitrary web script or HTML via crafted input containing a %22 sequence, a different issue than CVE-2013-3604...
Code injection
Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...
Cross site request forgery (csrf)
Coursemill Learning Management System LMS 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...
Cross site scripting
Cross-site scripting XSS vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...