757 matches found
Timber E-learning Online Examination System Commercial Edition: SQL injection vulnerabilities at 8 locations including /Web/User_Sort_List.aspx
No description provided by source...
Timber E-learning Online Training System Government Edition: SQL injection vulnerabilities at 9 locations including /Web/New.aspx
No description provided by source...
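Timber E-learning (天柏) Online Examination System Exam_List.aspx typeid parameter SQL injection vulnerability
0x01 Vulnerability overview: The Timber E-learning (天柏) online examination system does not adequately filter the typeid parameter in /Web/ExamList.aspx, which results in a SQL injection vulnerability. A remote attacker can combine this with error-based output to execute SQL statements and obtain sensitive information. 0x02 Exploitation: Take the following as an example: http:///Web/ExamList.aspx?typeid=141 and dbname0 0x03 Remediation: Filter the input, or use parameterized SQL statements. ...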
Arbitrary File Content Disclosure in Atutor
High-Tech Bridge Security Research Lab discovered a path traversal vulnerability in a popular web-based e-learning system Atutor. A remote attacker can view contents of arbitrary local files on the target system with privileges of the web server. The vulnerability may allow an attacker to gain access ...
DOKEOS ce30 Authentication Bypass
Advisory ID: HTB23289 Product: DOKEOS Vendor: DOKEOS Vulnerable Versions: ce30 and probably prior Tested Version: ce30 Advisory Publication: January 7, 2016 without technical details Vendor Notification: January 7, 2016 Public Disclosure: February 17, 2016 Vulnerability Type: Improper...
Timber E-learning product: built-in account can operate on arbitrary users and add administrators / arbitrary file upload leading to GetShell
No description provided by source...
Chamilo LCMS Connect 4.1 Cross Site Scripting
Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Stored XSS Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management system, aimed ...
Moodle Security Bypass Vulnerability (CNVD-2015-07731)
Moodle is a free, open source e-learning software platform. A security bypass vulnerability exists in Moodle, which can be exploited by remote attackers to bypass security restrictions and perform unauthorized operations...
New for universal E-learning Management System SQL injection vulnerability
The New for software E-learning Management System is used by quite a few enterprises. Partial list from the website: Business: http://www.newv.com.cn/caseenterprise.html Education: http://www.newv.com.cn/casecollege.html Government: http://www.newv.com.cn/casegovernment.html The problem mainly shows in:...
Timber E-learning /GovUserControl/FileUpLoad.aspx file upload vulnerability
No description provided by source...
Chamilo LCMS Connect 4.1 Clickjacking
Hi Team, Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: Clickjacking Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management...
Chamilo LCMS Connect 4.1 Cross Site Request Forgery
Hi Team, Affected Vendor: http://lcms.chamilo.org/ Date: 27/03/2015 Discovered by: Joel Vadodil Varghese Type of vulnerability: XSRF Tested on: Windows 7 Product: LCMS Connect Version: 4.1 Description: Chamilo is an open-source under GNU/GPL licensing e-learning and content management system, aim...
eFront Learning 3.6.11 Cross Site Scripting
Affected software: efrontlearning Type of vulnerability: stored XSS URL: http://demo.efrontlearning.net/ Discovered by: Provensec Website: http://www.provensec.com Description: Open Source e-Learning Proof of concept version: eFront 3.6.11 go to add new category...
SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS)
Course module enables you to create e-learning courses with any number of requirements for completion. The module doesn't sufficiently filter node title displays when being used in a course. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to creat...
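Yonyou general-purpose learning management system: improper design leads to user information disclosure (can be done in bulk)
Brief description: An expert has already had a laugh at this one; as for who, guess for yourself. Details: WooYun: A general-purpose online learning management system has arbitrary file upload and arbitrary file download vulnerabilities, WooYun: A general-purpose online learning management system has an arbitrary file upload vulnerability (another odd technique). This is Yonyou's e-Learning, which wefgod has reported before; here are the weak passwords he provided earlier: First, a low-privilege account is needed to log in (there is no CAPTCHA anyway, so with a simple password set, brute-forcing by number is no problem). A few with default or simple passwords: http://58.214.233.113:8800/lmsv5/ 00041013/123456 00041014/123456...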
Claroline 1.5/1.6 userInfo.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry...
Pre E-Learning Portal 'search_result.asp' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38582/info Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...
Claroline e-Learning <= 1.6 - Remote Hash SQL Injection Exploit
No description provided by source. <?php Trap-Set Underground Hacking Team Vulnerable: Claroline E-Learning Application Exploit By : MHp0rtal Discovered By: Sieg Fried Gr33tz To == Alphaprogrammer , Oilkarchack , DrCephaleX , Str0ke And Iranian Hacking & Security Teams :...
Dokeos E-Learning System 1.8.5 - Local File Inclusion Vulnerability
No description provided by source. Digital Security Research Group DSecRG Advisory DSECRG-08-029 Application: Dokeos E-Learning System Versions Affected: 1.8.5 Vendor URL: http://dokeos.com/ Bug: Local File Include Exploits: YES Reported: 01.07.2008 Vendor response: 05.07.2008 Solution: YES Date ...
Docebo LMS <= 4.0.4 - (messages) Remote Code Execution
No description provided by source. <?php / Docebo LMS <= v4.0.4 messages remote code execution exploit vendor: http://www.docebo.com/ software link: http://www.docebo.com/community/doceboCms/ author: mrme::rwx kru email: steventhomasseeley!gmail!com We must become the change we want to see in the...