757 matches found
Claroline 1.5/1.6 toolaccess_details.php tool Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry...
Claroline 1.5/1.6 user_access_details.php data Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry...
Claroline 1.5/1.6 myagenda.php coursePath Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13407/info Multiple remote input validation vulnerabilities affect Claroline e-Learning Application. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry...
Schoolhos CMS Beta 2.29 (index.php, id parameter) SQL Injection
No description provided by source. Exploit Title: Schoolhos CMS SQL Injetions Google Dork: intext:Schoolhos Free Open Source CMS Date: 22 Oktober 2012 Exploit Author: Cumi++ Vendor Homepage: http://schoolhos.com/ Version: Beta 2.29 Tested on: Ubuntu 12.04...
Docebo LMS <= 4.0.4 - (messages) Remote Code Execution
No description provided by source. ?php / Docebo LMS = v4.0.4 messages remote code execution exploit vendor: http://www.docebo.com/ software link: http://www.docebo.com/community/doceboCms/ author: mrme::rwx kru email: steventhomasseeley!gmail!com We must become the change we want to see in the...
用友某系统存在通用型远程代码执行
简要描述: 详细说明: 用友e-Learning 2.0学习管理系统 搜索特征 inurl:lmsv5/login!loginIndexPage.action 网络实例 http://58.214.233.113:8800/lmsv5/login!loginIndexPage.action http://60.216.4.162:9091/lmsv5/login!loginIndexPage.action http://139.210.99.46:8080/lmsv5/login!loginIndexPage.action http报文特征 爬行目录特征 attestionuserfil...
Claroline e-Learning 1.8.1 Privilege Escalation Vulnerability
Due to insufficient permission checking in profile.php any user can assign hem or her self to any organization by issueing a single http request. Claroline users can assign themselves their platform role, leading to possible privilege escalation Description: Due to insufficient permission checkin...
XSS in dokeos 2.1.1
Exploit Title : Dokeos 2.1.1 Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/17/12 version: 2.1.1 software link:www.dokeos.com Dokeos description Dokeos is an open source e-learning platform programmed in PHP, Javascript and HTML which...
Schoolhos CMS Beta 2.29 - id SQL Injection
Schoolhos CMS Beta 2.29 - id SQL Injection Exploit Title: Schoolhos CMS SQL Injetions Google Dork: intext:Schoolhos Free Open Source CMS Date: 22 Oktober 2012 Exploit Author: Cumi++ Vendor Homepage: http://schoolhos.com/ Version: Beta 2.29 Tested on: Ubuntu 12.04...
DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities
Exploit for php platform in category web applications DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; form action="http://localhost/DoceboLMS404/doceboCore/index.php?modname=preassessment&op=modassessment"...
DoceboLMS 4.0.4 Cross Site Scripting
DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; input type="hidden" name="authenticrequest" value="23dfee506a748201730ab2bb7...
DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities
Summary DoceboLMS is a SCORM compliant Open Source e-Learning platform used in corporate, government and education markets. Description DoceboLMS suffers from multiple stored XSS vulnerabilities pre and post auth. Input thru the POST parameters 'name', 'code' and 'title' in index.php is not...
[DCA-2011-0003]: LMS Web Ensino - Multiple XSS, Session Fixation, CSRF and SQL Injection
DCA-2011-0003 Discussion - DcLabs Security Research Group advises about following vulnerabilityies: Software - LMS Web Ensino Vendor Product Description - Portuguese - O Learning Management System LMS Web Ensino uma ferramenta completa para o gerenciamento e oferta de cursos e treinamentos...
Chamilo Detection
This host is running Chamilo, an e-learning portal. OpenVAS Vulnerability Test $Id: gbchamilodetect.nasl 5723 2017-03-24 15:46:34Z cfi $ Chamilo Detection Authors: Michael Meyer Copyright: Copyright c 2011 Greenbone Networks GmbH This program is free software; you can redistribute it and/or modif...
CVE-2010-0954
SQL injection vulnerability in searchresult.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the courseID parameter...
Sql injection
SQL injection vulnerability in searchresult.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the courseID parameter...
CVE-2010-0954
SQL injection vulnerability in searchresult.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the courseID parameter...
CVE-2010-0954
CVE-2010-0954 corresponds to a SQL injection vulnerability in the Pre Projects Pre E-Learning Portal, specifically in search_result.asp where the course_ID parameter can be exploited to execute arbitrary SQL commands. The connected documents confirm the vulnerability details and affected componen...
Pre E-Learning Portal - search_result.asp SQL Injection
Pre E-Learning Portal - searchresult.asp SQL Injection source: https://www.securityfocus.com/bid/38582/info Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Pre E-Learning Portal - 'search_result.asp' SQL Injection
source: https://www.securityfocus.com/bid/38582/info Pre E-Learning Portal is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access o...