Lucene search
K

68 matches found

Prion
Prion
added 2013/09/06 11:15 a.m.15 views

Code injection

Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...

6CVSS6.9AI score0.01027EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.22 views

CVE-2013-3602

SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System LMS 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter...

7.9AI score0.0126EPSS
Exploits0References1
CVE
CVE
added 2013/09/06 10:0 a.m.47 views

CVE-2013-3601

Affected software: Coursemill Learning Management System (LMS) 6.6. Vulnerability: inadequate restriction of JSP function calls allows remote authenticated users (via Student role) to perform arbitrary JSP operations by supplying an op parameter. Impact: privilege escalation to execute restricted...

6CVSS6.6AI score0.01027EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/09/06 10:0 a.m.49 views

CVE-2013-3605

CVE-2013-3605 concerns Cross-site request forgery (CSRF) in Coursemill Learning Management System (LMS) 6.6, enabling remote attackers to hijack the authentication of arbitrary users via cookies. The connected documents corroborate that the vulnerability involves cookie-related CSRF in the Course...

6.8CVSS7.2AI score0.00619EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.28 views

CVE-2013-5708

Coursemill Learning Management System LMS 6.8 constructs secret tokens based on time values, which makes it easier for remote attackers to conduct cross-site request forgery CSRF attacks via vectors related to cookies, a different vulnerability than CVE-2013-3605...

6.5AI score0.00698EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.21 views

CVE-2013-3603

Cross-site scripting XSS vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages...

5.5AI score0.01012EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.24 views

CVE-2013-5706

Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and 1 crafted event attributes or 2 greater than characters that are optional within a browser's...

5.6AI score0.01141EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.22 views

CVE-2013-3600

Coursemill Learning Management System LMS 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions...

6.5AI score0.01542EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.29 views

CVE-2013-3599

userlogin.jsp in Coursemill Learning Management System LMS 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html...

6.9AI score0.0193EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.30 views

CVE-2013-3601

Coursemill Learning Management System LMS 6.6 does not properly restrict JSP function calls, which allows remote authenticated users to perform arbitrary JSP operations by leveraging the Student role and providing an op parameter...

6.5AI score0.01027EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.27 views

CVE-2013-3605

Cross-site request forgery CSRF vulnerability in Coursemill Learning Management System LMS 6.6 allows remote attackers to hijack the authentication of arbitrary users via vectors related to cookies...

6.9AI score0.00619EPSS
Exploits0References1
CVE
CVE
added 2013/09/06 10:0 a.m.40 views

CVE-2013-3602

CVE-2013-3602 affects Coursemill Learning Management System (LMS) 6.6. The vulnerability is an SQL injection in admindocumentworker.jsp used to retrieve document data, where the docID parameter causes user-supplied SQL to be executed by the database. This vulnerability can be exploited by remote ...

7.5CVSS8.2AI score0.0126EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/09/06 10:0 a.m.44 views

CVE-2013-3604

CVE-2013-3604 concerns multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.6. The public descriptions in the provided documents state that remote attackers could inject arbitrary web script or HTML via crafted input. Connected records also referenc...

4.3CVSS5.8AI score0.01012EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/09/06 10:0 a.m.45 views

CVE-2013-3600

The CVE-2013-3600 issue affects Coursemill Learning Management System (LMS) 6.6. Affected component: the userid parameter used in certain functions (e.g., via Edit Profile); root cause is external control of an assumed-immutable web parameter, enabling privilege escalation when authenticated as a...

8.5CVSS6.7AI score0.01542EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/09/06 10:0 a.m.37 views

CVE-2013-5708

CVE-2013-5708 affects Coursemill Learning Management System (LMS) 6.8. The vulnerability arises because it constructs secret tokens based on time values, which enables remote attackers to perform cross-site request forgery (CSRF) via cookie-related vectors. This is described as a different vulner...

6.8CVSS6.8AI score0.00698EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/09/06 10:0 a.m.44 views

CVE-2013-3599

CVE-2013-3599 affects Coursemill Learning Management System (LMS) versions 6.6 and 6.8. The issue stems from userlogin.jsp where the response to the login page exposes the user role as a parameter, enabling an attacker to escalate privileges by modifying the role value sent to home.html. Red Hat ...

9.3CVSS7.1AI score0.0193EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/09/06 10:0 a.m.48 views

CVE-2013-5706

CVE-2013-5706 corresponds to multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8. The issues allow remote attackers to inject arbitrary web script or HTML via error-message related vectors and two specific payload types: (1) crafted event attribu...

4.3CVSS5.7AI score0.01141EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2013/09/06 10:0 a.m.24 views

CVE-2013-3604

Multiple cross-site scripting XSS vulnerabilities in Coursemill Learning Management System LMS 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input...

5.7AI score0.01012EPSS
Exploits0References1
CVE
CVE
added 2013/09/06 10:0 a.m.49 views

CVE-2013-3603

CVE-2013-3603 is a cross-site scripting (XSS) vulnerability in Coursemill Learning Management System (LMS) 6.6, where remote attackers can inject arbitrary web script or HTML via vectors related to error messages. Connected sources mention related disclosures for LMS versions 6.6 and 6.8 and trac...

4.3CVSS5.6AI score0.01012EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/09/06 10:0 a.m.36 views

CVE-2013-5707

CVE-2013-5707 describes multiple XSS vulnerabilities in Coursemill Learning Management System (LMS) 6.8, enabling remote attackers to inject arbitrary web script or HTML via crafted input containing a %22 sequence. This is a separate issue from CVE-2013-3604. The NVD entry lists a MEDIUM severity...

4.3CVSS5.8AI score0.01141EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder