16 matches found
EUVD-2009-2002
Malware in sbrugna...
EUVD-2009-2000
Malware in sbrugna...
EUVD-2009-2004
Malware in sbrugna...
CVE-2009-2009
Multiple cross-site scripting XSS vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 curdirpath parameter to main/document/slideshow.php and the 2 file parameter to main/exercice/testheaderpage.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 searchterm parameter to main/auth/courses.php; the 2 frmtitle and 3 frmcontent parameters in a new personal agenda item action; the 4...
CVE-2009-2006
Multiple cross-site scripting XSS vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 searchterm parameter to main/auth/courses.php; the 2 frmtitle and 3 frmcontent parameters in a new personal agenda item action; the 4...
Directory traversal
Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to 1 read portions of arbitrary files via a .. dot dot and a ..\ dot dot backslash in the lang parameter to main/exercice/hotspotlangconversion.php and 2 read arbitrary files via a .. dot do...
CVE-2009-2005
Cross-site request forgery CSRF vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors...
CVE-2009-2004
Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 student and 2 course parameters, a different vector than CVE-2007-2902...
Sql injection
Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the 1 uInfo parameter to main/tracking/userLog.php and the 2 course parameter to main/mySpace/lptracking.php, a different vector than CVE-2009-2006.2...
CVE-2009-2005
Cross-site request forgery CSRF vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items via unknown vectors...
CVE-2009-2007
CVE-2009-2007 corresponds to multiple directory traversal vulnerabilities in Dokeos 1.8.5 (and possibly earlier). The flaws allow remote attackers to read portions of arbitrary files through two parameters: lang in main/exercice/hotspot_lang_conversion.php (using .. or ..\ in the value) doc_url i...
CVE-2009-2004
CVE-2009-2004 / CVE-2007-2902 involve multiple SQL injection vulnerabilities in Dokeos. The CVE-2009-2004 entry describes SQLi in main/mySpace/myStudents.php affecting Dokeos 1.8.5 and possibly earlier, allowing remote attackers to execute arbitrary SQL commands via the (1) student and (2) course...
CVE-2009-2009
CVE-2009-2009 affects Dokeos 1.8.5 (and possibly earlier). The vulnerability involves multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via two parameters: (1) curdirpath in main/document/slideshow.php and (2) file in main/exerc...
CVE-2009-2006
CVE-2009-2006 : Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5 (and possibly earlier) allow remote attackers to inject arbitrary script/HTML via several parameters in main/auth/courses.php, main/mySpace/myStudents.php, and related actions. Vectors 2 and 3 may require a separa...
Dokeos <= 1.8.5 'user_portal.php' Local File Include Vulnerability
Dokeos is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...