68 matches found
Code injection
Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...
CVE-2013-3602
SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System LMS 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter...
CVE-2013-3601
Affected software: Coursemill Learning Management System (LMS) 6.6. Vulnerability: inadequate restriction of JSP function calls allows remote authenticated users (via Student role) to perform arbitrary JSP operations by supplying an op parameter. Impact: privilege escalation to execute restricted...
CVE-2013-3605
CVE-2013-3605 concerns Cross-site request forgery (CSRF) in Coursemill Learning Management System (LMS) 6.6, enabling remote attackers to hijack the authentication of arbitrary users via cookies. The connected documents corroborate that the vulnerability involves cookie-related CSRF in the Course...
CVE-2013-5708
Coursemill Learning Management System LMS 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...
CVE-2013-3603
Cross-site scripting XSS vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...
CVE-2013-5706
Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and 1 crafted event attributes or 2 greater than characters that are optional within a browser's...
CVE-2013-3600
Coursemill Learning Management System LMS 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions...
CVE-2013-3599
userlogin.jsp in Coursemill Learning Management System LMS 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html...
CVE-2013-3601
Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...
CVE-2013-3605
Cross-site request forgery CSRF vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies...
CVE-2013-3602
CVE-2013-3602 affects Coursemill Learning Management System (LMS) 6.6. The vulnerability is an SQL injection in admindocumentworker.jsp used to retrieve document data, where the docID parameter causes user-supplied SQL to be executed by the database. This vulnerability can be exploited by remote ...
CVE-2013-3604
CVE-2013-3604 concerns multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.6. The public descriptions in the provided documents state that remote attackers could inject arbitrary web script or HTML via crafted input. Connected records also referenc...
CVE-2013-3600
The CVE-2013-3600 issue affects Coursemill Learning Management System (LMS) 6.6. Affected component: the userid parameter used in certain functions (e.g., via Edit Profile); root cause is external control of an assumed-immutable web parameter, enabling privilege escalation when authenticated as a...
CVE-2013-5708
CVE-2013-5708 affects Coursemill Learning Management System (LMS) 6.8. The vulnerability arises because it constructs secret tokens based on time values, which enables remote attackers to perform cross-site request forgery (CSRF) via cookie-related vectors. This is described as a different vulner...
CVE-2013-3599
CVE-2013-3599 affects Coursemill Learning Management System (LMS) versions 6.6 and 6.8. The issue stems from userlogin.jsp where the response to the login page exposes the user role as a parameter, enabling an attacker to escalate privileges by modifying the role value sent to home.html. Red Hat ...
CVE-2013-5706
CVE-2013-5706 corresponds to multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8. The issues allow remote attackers to inject arbitrary web script or HTML via error-message related vectors and two specific payload types: (1) crafted event attribu...
CVE-2013-3604
Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input...
CVE-2013-3603
CVE-2013-3603 is a cross-site scripting (XSS) vulnerability in Coursemill Learning Management System (LMS) 6.6, where remote attackers can inject arbitrary web script or HTML via vectors related to error messages. Connected sources mention related disclosures for LMS versions 6.6 and 6.8 and trac...
CVE-2013-5707
CVE-2013-5707 describes multiple XSS vulnerabilities in Coursemill Learning Management System (LMS) 6.8, enabling remote attackers to inject arbitrary web script or HTML via crafted input containing a %22 sequence. This is a separate issue from CVE-2013-3604. The NVD entry lists a MEDIUM severity...