Lucene search
K

757 matches found

CNVD
CNVD
added 2017/08/07 12:0 a.m.3 views

Logic Design Vulnerability in ECS Online Learning System v3.1.0

E-learning Online Learning System is an online learning platform system developed with thinkphp+bootstrap as the framework. E-learning system v3.1.0 has a logical design vulnerability that can be exploited by attackers to reset any user's password and obtain sensitive user information...

6.9AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/07/14 3:14 a.m.12 views

e-learning-formation.com XSS vulnerability

Open Bug Bounty ID: OBB-264104 Description| Value ---|--- Affected Website:| e-learning-formation.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.3AI score
Exploits0
CNVD
CNVD
added 2017/04/24 12:0 a.m.0 views

Arbitrary file upload vulnerability in the Uploading.ashx file of MicroXia e-learning platform

Micro Xia Online Learning Platform is an online education system based on B/S architecture. An arbitrary file uploading vulnerability exists in the Uploading.ashx file of the Weixia Online Learning Platform. It allows attackers to exploit the vulnerability to upload webshell and gain server...

7.3AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2016/12/21 12:0 a.m.45 views

Docebo LMS v6.9 - (Localization) Persistent Vulnerability

Document Title: =============== Docebo LMS v6.9 - Localization Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1880 Release Date: ============= 2016-12-21 Vulnerability Laboratory ID VL-ID: ==================================== 18...

7.1AI score
Exploits0
CNVD
CNVD
added 2016/11/24 12:0 a.m.2 views

Moodle Security Bypass Vulnerability (CNVD-2016-11545)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security bypass vulnerability exists in Moodle, which can be exploited by attackers ...

5.3CVSS5.6AI score0.01196EPSS
Exploits0References1
exploitpack
exploitpack
added 2016/11/13 12:0 a.m.29 views

Schoolhos CMS 2.29 - Remote Code Execution SQL Injection

Schoolhos CMS 2.29 - Remote Code Execution SQL Injection \x0d\x0a-----------------------------26518470919255\x0d\x0a\x0d\x0a' \ 'http://HOST/PATH/elearningku/proses.php?pilih=guru&untukdi=upload'...

0.7AI score
Exploits0
CNVD
CNVD
added 2016/08/27 12:0 a.m.0 views

SQL Injection Vulnerability in ClientCourse.asmx?op, E-learning Management System of Xinwei Software

E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. A SQL injection vulnerability exists in the ClientCourse.asmx?op= page of the E-learning management system of Xinwei Software. An attacker can exploit the vulnerability to obtain sensitive information from...

7.6AI score
Exploits0References1
CNVD
CNVD
added 2016/08/27 12:0 a.m.1 views

XML Entity Injection Vulnerability in Xinwei Software E-learning System

E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. An XML entity injection vulnerability exists in the E-learning system of Xinwei Software. An attacker can use the vulnerability to remotely execute commands and gain server privileges...

7.9AI score
Exploits0References1
CNVD
CNVD
added 2016/08/27 12:0 a.m.2 views

SQL Injection Vulnerability in SmartClient.asmx?op Page of Xinwei Software E-learning System

E-learning management system is an online learning platform of Shenzhen Xinwei Software Co. A SQL injection vulnerability exists in the SmartClient.asmx?op page of Xinwei Software's E-learning system. An attacker can exploit the vulnerability to obtain sensitive information from the website...

7.6AI score
Exploits0References1
exploitpack
exploitpack
added 2016/08/14 12:0 a.m.39 views

Claroline 1.7.7 - Arbitrary File Inclusion

Claroline 1.7.7 - Arbitrary File Inclusion Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; e...

5.1CVSS0.9AI score0.10076EPSS
Exploits4
Exploit DB
Exploit DB
added 2016/08/14 12:0 a.m.41 views

Claroline < 1.7.7 - Arbitrary File Inclusion

Claroline Arbitrary File Inclusion Vendor: Claroline Product: Claroline Version: 0 $uidReset = true; $clarologinSucceeded = true; break; else...

5.1CVSS6.9AI score0.10076EPSS
Exploits4
Vulnerability Lab
Vulnerability Lab
added 2016/08/02 12:0 a.m.65 views

Docebo LMS 6.9 - (Moxie) API Calls RST RCE Vulnerability

Document Title: =============== Docebo LMS 6.9 - Moxie API Calls RST RCE Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1888 Video: http://www.vulnerability-lab.com/getcontent.php?id=1892 Release Date: ============= 2016-08-02 Vulnerabilit...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/06/17 12:0 a.m.15 views

New to E-learning /exam/api/On. asmx GetUserExamView interface parameters userUid injection vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/06/17 12:0 a.m.34 views

Times bright China e-Learning system /resin-doc/examples/security-basic/viewfile parameter file arbitrary file read vulnerability

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/19 12:0 a.m.13 views

Timber E-learning在线培训系统网校版 Search.aspx 参数select SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/19 12:0 a.m.26 views

Timber E-learning在线培训系统 Type_List.aspx 参数typeid SQL注入漏洞

0x01 框架介绍 相关厂商: 上海天柏信息科技有限公司 公开时间: 2016-01-11 漏洞类型: SQL注射漏洞 官方主页: http://www.timber2005.com/ 案例:http://www.timber2005.com/Customer.html 0x02 漏洞细节 http://.../WebOrg/TypeList.aspx?typeid=1 0x03 修复方案 1、过滤漏洞文件参数 2、使用加速乐等防护产品...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/04/13 12:0 a.m.27 views

Timber E-learning在线考试系统后台 /system/Dep_Right.aspx 参数DEP_NAME2 SQL注入漏洞

0x01漏洞简介 Timber E-learning在线考试系统的后台/system/DepRight.aspx对参数DEPNAME2过滤不严格,导致出现注入漏洞。远程攻击者先需要注册一个用户,登陆后台后可以利用这些漏洞执行SQL指令。该漏洞利用的步骤如下: 1访问页面/usercontrol/ajax.aspx输入用户名密码,进行登陆 http://www..com/usercontrol/ajax.aspx post: Action=post&username=&pwd=&func=Login 登陆成功,将返回true,否则返回false 2登陆成功后,可以利用注入漏洞执行SQL指令...

7.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/04/03 1:35 a.m.10 views

promotion-sociale-marche.be XSS vulnerability

Vulnerable URL: http://www.promotion-sociale-marche.be/e-learning/claroline/backends/download.php?url=aHR0cDovL2cuZTxzdmcgb25sb2FkPWFsZXJ0KCJYU1NQT1NFRCIpPg==%3D=true=TOUS&7880348a71b083f9544b8331e92830aa=de5c42b513f83b302438c4e30c6df000 Details: Description| Value ---|--- Patched:| No Latest che...

6.3AI score
Exploits0
seebug.org
seebug.org
added 2016/03/29 12:0 a.m.21 views

新为软件E-learning 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.32 views

Timber E-learning在线考试系统后台 /Paper/Paper_Manage.aspx 等13处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
Rows per page
Query Builder