Lucene search
K

757 matches found

seebug.org
seebug.org
added 2016/03/19 12:0 a.m.19 views

Timber E-learning在线考试系统商业版 /Web/User_Sort_List.aspx等8处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.29 views

Timber E-learning在线培训系统政府版/Web/New.aspx 等9处 SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2016/03/19 12:0 a.m.40 views

Timber E-learning 天柏在线考试系统 Exam_List.aspx 参数typeid SQL注入漏洞

0x01漏洞简介 Timber E-learning 天柏在线考试系统在/Web/ExamList.aspx由于对参数typeid过滤不严,导致出现SQL注入漏洞。远程攻击者可以结合错误回显的方式执行SQL指令,获取敏感信息。 0x02漏洞利用 以下面为例子: http:///Web/ExamList.aspx?typeid=141 and dbname0 0x03修复方案 过滤,或使用参数化的SQL语句。...

7.1AI score
Exploits0
htbridge
htbridge
added 2016/02/24 12:0 a.m.511 views

Arbitrary File Content Disclosure in Atutor

High-Tech Bridge Security Research Lab discovered path traversal vulnerability in a popular web-based e-learning system Atutor. A remote attacker can view contents of arbitrary local files on the target system with privileges of the web server. The vulnerability may allow an attacker gain access ...

5CVSS7.4AI score0.01937EPSS
Exploits1Affected Software1
Packet Storm
Packet Storm
added 2016/02/18 12:0 a.m.41 views

DOKEOS ce30 Authentication Bypass

Advisory ID: HTB23289 Product: DOKEOS Vendor: DOKEOS Vulnerable Versions: ce30 and probably prior Tested Version: ce30 Advisory Publication: January 7, 2016 without technical details Vendor Notification: January 7, 2016 Public Disclosure: February 17, 2016 Vulnerability Type: Improper...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2016/01/09 12:0 a.m.27 views

Timber E-learning产品内置账号可操作任意用户及添加管理员/任意文件上传GetShell

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2016/01/01 12:0 a.m.20 views

Chamilo LCMS Connect 4.1 Cross Site Scripting

Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Stored XSS Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management system, aimed ...

7.4AI score
Exploits0
CNVD
CNVD
added 2015/11/22 12:0 a.m.2 views

Moodle Security Bypass Vulnerability (CNVD-2015-07731)

Moodle is a free, open source e-learning software platform. A security bypass vulnerability exists in Moodle, which can be exploited by remote attackers to bypass security restrictions and perform unauthorized operations...

4.3CVSS6.9AI score0.01313EPSS
Exploits0References1
myhack58
myhack58
added 2015/10/19 12:0 a.m.24 views

New for universal E-learning Management System SQL injection vulnerability-vulnerability warning-the black bar safety net

New for software E-learning Management System,using the enterprise pretty much Website parts list: Business: http://www.newv.com.cn/caseenterprise.html Education: http://www.newv.com.cn/casecollege.html Government: http://www.newv.com.cn/casegovernment.html The problem mainly shows in:...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2015/04/20 12:0 a.m.19 views

Timber E-learning /GovUserControl/FileUpLoad.aspx 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/03/27 12:0 a.m.22 views

Chamilo LCMS Connect 4.1 Clickjacking

Hi Team, Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Clickjacking Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2015/03/27 12:0 a.m.25 views

Chamilo LCMS Connect 4.1 Cross Site Request Forgery

Hi Team, Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: XSRF Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management system, aim...

0.1AI score
Exploits0
Packet Storm
Packet Storm
added 2015/02/27 12:0 a.m.24 views

eFront Learning 3.6.11 Cross Site Scripting

Affected software: efrontlearning Type of vulnerability: stored xss URL: http://demo.efrontlearning.net/ Discovered by: Provensec Website: http://www.provensec.com Description: Open Source e-Learning Proof of concept version:eFront 3.6.11 goto addd new category...

7.4AI score
Exploits0
Drupal
Drupal
added 2015/01/07 12:0 a.m.22 views

SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS)

Course module enables you to create e-learning courses with any number of requirements for completion. The module doesn't sufficiently filter node title displays when being used in a course. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to creat...

3.5CVSS6.3AI score0.00965EPSS
Exploits0References11
seebug.org
seebug.org
added 2014/07/21 12:0 a.m.26 views

用友某通用学习管理系统设计不当致用户信息泄漏(可批量)

简要描述: 已经有大牛呵呵过了,至于是谁..自己猜去 详细说明: WooYun: 某通用型在线学习管理系统存在任意文件上传及任意文件下载漏洞 , WooYun: 某通用型在线学习管理系统存在任意文件上传漏洞(另一种奇葩姿势) 用友的e-Learning,wefgod大牛提交过,这里摘取一下他之前提供的弱口令: 首先需要一个低权限账号登录(反正没有验证码,设定好简单密码,按数字直接丢去暴了都没有问题) 给出几个默认或简单密码的: http://58.214.233.113:8800/lmsv5/ 00041013/123456 00041014/123456...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Claroline 1.5/1.6 userInfo.php Multiple Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.6 views

Pre E-Learning Portal 'search_result.asp' SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38582/info Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Claroline e-Learning <= 1.6 - Remote Hash SQL Injection Exploit

No description provided by source. ?php T r a p - S e t U n d e r g r o u n d H a c k i n g T e a m Vulnerable: Claroline E-Learning Application Exploit By : MHp0rtal Discovered By: Sieg Fried Gr33tz To == Alphaprogrammer , Oilkarchack , DrCephaleX , Str0ke And Iranian Hacking & Security Teams :...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

Dokeos E-Learning System 1.8.5 - Local File Inclusion Vulnerability

No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-029 Application: Dokeos E-Learning System Versions Affected: 1.8.5 Vendor URL: http://dokeos.com/ Bug: Local File Include Exploits: YES Reported: 01.07.2008 Vendor response: 05.07.2008 Solution: YES Date ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

Docebo LMS <= 4.0.4 - (messages) Remote Code Execution

No description provided by source. ?php / Docebo LMS = v4.0.4 messages remote code execution exploit vendor: http://www.docebo.com/ software link: http://www.docebo.com/community/doceboCms/ author: mrme::rwx kru email: steventhomasseeley!gmail!com We must become the change we want to see in the...

7.1AI score
Exploits0
Rows per page
Query Builder