757 matches found
Logic Design Vulnerability in ECS Online Learning System v3.1.0
E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. E-learning system v3.1.0 has a logical design vulnerability that can be exploited by attackers to reset any user's password and obtain sensitive user information...
e-learning-formation.com XSS vulnerability
Open Bug Bounty ID: OBB-264104 Description| Value ---|--- Affected Website:| e-learning-formation.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Arbitrary file upload vulnerability in the Uploading.ashx file of MicroXia e-learning platform
Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file uploading vulnerability exists in the Uploading.ashx file of the Weixia Online Learning Platform. It allows attackers to exploit the vulnerability to upload webshell and gain server...
Docebo LMS v6.9 - (Localization) Persistent Vulnerability
Document Title: =============== Docebo LMS v6.9 - Localization Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1880 Release Date: ============= 2016-12-21 Vulnerability Laboratory ID VL-ID: ==================================== 18...
Moodle Security Bypass Vulnerability (CNVD-2016-11545)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security bypass vulnerability exists in Moodle, which can be exploited by attackers ...
Schoolhos CMS 2.29 - Remote Code Execution SQL Injection
Schoolhos CMS 2.29 - Remote Code Execution SQL Injection \x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload'...
SQL Injection Vulnerability in ClientCourse.asmx?op, E-learning Management System of Xinwei Software
E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. A SQL injection vulnerability exists in the ClientCourse.asmx?op= page of the E-learning management system of Xinwei Software. An attacker can exploit the vulnerability to obtain sensitive information from...
XML Entity Injection Vulnerability in Xinwei Software E-learning System
E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. An XML entity injection vulnerability exists in the E-learning system of Xinwei Software. An attacker can use the vulnerability to remotely execute commands and gain server privileges...
SQL Injection Vulnerability in SmartClient.asmx?op Page of Xinwei Software E-learning System
E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. A SQL injection vulnerability exists in the SmartClient.asmx?op page of Xinwei Software's E-learning system. An attacker can exploit the vulnerability to obtain sensitive information from the website...
Claroline 1.7.7 - Arbitrary File Inclusion
Claroline 1.7.7 - Arbitrary File Inclusion Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; e...
Claroline < 1.7.7 - Arbitrary File Inclusion
Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; else...
Docebo LMS 6.9 - (Moxie) API Calls RST RCE Vulnerability
Document Title: =============== Docebo LMS 6.9 - Moxie API Calls RST RCE Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1888 Video: http://www.vulnerability-lab.com/getcontent.php?id=1892 Release Date: ============= 2016-08-02 Vulnerabilit...
New to E-learning /exam/api/On. asmx GetUserExamView interface parameters userUid injection vulnerability
No description provided by source...
Times bright China e-Learning system /resin-doc/examples/security-basic/viewfile parameter file arbitrary file read vulnerability
No description provided by source...
Timber E-learning在线培训系统网校版 Search.aspx 参数select SQL注入漏洞
No description provided by source...
Timber E-learning在线培训系统 Type_List.aspx 参数typeid SQL注入漏洞
0x01 框架介绍 相关厂商: 上海天柏信息科技有限公司 公开时间: 2016-01-11 漏洞类型: SQL注射漏洞 官方主页: http://www.timber2005.com/ 案例:http://www.timber2005.com/Customer.html 0x02 漏洞细节 http://.../WebOrg/TypeList.aspx?typeid=1 0x03 修复方案 1、过滤漏洞文件参数 2、使用加速乐等防护产品...
Timber E-learning在线考试系统后台 /system/Dep_Right.aspx 参数DEP_NAME2 SQL注入漏洞
0x01漏洞简介 Timber E-learning在线考试系统的后台/system/DepRight.aspx对参数DEPNAME2过滤不严格,导致出现注入漏洞。远程攻击者先需要注册一个用户,登陆后台后可以利用这些漏洞执行SQL指令。该漏洞利用的步骤如下: 1访问页面/usercontrol/ajax.aspx输入用户名密码,进行登陆 http://www..com/usercontrol/ajax.aspx post: Action=post&username=&pwd=&func=Login 登陆成功,将返回true,否则返回false 2登陆成功后,可以利用注入漏洞执行SQL指令...
promotion-sociale-marche.be XSS vulnerability
Vulnerable URL: http://www.promotion-sociale-marche.be/e-learning/claroline/backends/download.php?url=aHR0cDovL2cuZTxzdmcgb25sb2FkPWFsZXJ0KCJYU1NQT1NFRCIpPg==%3D=true=TOUS&7880348a71b083f9544b8331e92830aa=de5c42b513f83b302438c4e30c6df000 Details: Description| Value ---|--- Patched:| No Latest che...
新为软件E-learning 文件上传漏洞
No description provided by source...
Timber E-learning在线考试系统后台 /Paper/Paper_Manage.aspx 等13处 SQL注入漏洞
No description provided by source...