25 matches found
EUVD-2008-0857
Malware in sbrugna...
EUVD-2008-0858
Malware in sbrugna...
EUVD-2007-6540
Malware in sbrugna...
Dokeos 1.x forum/viewforum.php forum Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/26992/info Dokeos is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser ...
Dokeos <= 1.8.4 main/admin/session_list.php cmessage Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...
CVE-2008-1222
Cross-site scripting XSS vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-1222
CVE-2008-1222 is an XSS in Dokeos 1.8.4 before SP3. Remote attackers can inject arbitrary script/HTML via unspecified vectors. The connected sources confirm the affected product and vulnerability type; no detailed root cause, exact vectors, or patch specifics are provided in the documents. No exp...
CVE-2008-0851
Multiple cross-site scripting XSS vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter to inscription.php, 2 courseCode parameter to main/calendar/myagenda.php, 3 category parameter to main/admin/coursecategory.php, 4 message...
Sql injection
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to whoisonline.php, 2 trackinglistcoachescolumn parameter to main/mySpace/index.php, 3 tutorname parameter to main/createcourse/addcourse.php, the 4 Referer HTTP...
CVE-2008-0850
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to whoisonline.php, 2 trackinglistcoachescolumn parameter to main/mySpace/index.php, 3 tutorname parameter to main/createcourse/addcourse.php, the 4 Referer HTTP...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter to inscription.php, 2 courseCode parameter to main/calendar/myagenda.php, 3 category parameter to main/admin/coursecategory.php, 4 message...
CVE-2008-0851
Multiple cross-site scripting XSS vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the 1 username parameter to inscription.php, 2 courseCode parameter to main/calendar/myagenda.php, 3 category parameter to main/admin/coursecategory.php, 4 message...
CVE-2008-0850
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the 1 id parameter to whoisonline.php, 2 trackinglistcoachescolumn parameter to main/mySpace/index.php, 3 tutorname parameter to main/createcourse/addcourse.php, the 4 Referer HTTP...
CVE-2008-0851
CVE-2008-0851 affects Dokeos 1.8.4 with multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can inject arbitrary web script/HTML via (1) username in inscription.php, (2) courseCode in main/calendar/myagenda.php, (3) category in main/admin/course_category.php, (4) message in main...
CVE-2008-0850
CVE-2008-0850 concerns Dokeos 1.8.4 with multiple SQL injection vulnerabilities. The affected components include: (1) id parameter in whoisonline.php, (2) tracking_list_coaches_column parameter in main/mySpace/index.php, (3) tutor_name parameter in main/create_course/add_course.php, (4) Referer H...
Dokeos 1.8.4 - '/main/mySpace/index.php?tracking_list_coaches_column' SQL Injection
source: https://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can exploit these issues to execute...
Dokeos 1.8.4 - '/main/calendar/myagenda.php?courseCode' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can exploit these issues to execute...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the origin parameter to work/work.php in a displayuploadform action, or the forum parameter to 2 forum/viewforum.php or 3 forum/viewthread.php...
Dokeos 1.x - forumviewthread.php?forum Cross-Site Scripting
Dokeos 1.x - forumviewthread.php?forum Cross-Site Scripting source: https://www.securityfocus.com/bid/26992/info Dokeos is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
CVE-2007-6479
Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php aka the "My profile" page in Dokeos 1.8.4 allows remote authenticated users to upload and execute arbitrary PHP files via a filename with a double extension, which can then be accessed through a URI...