EUVD-2012-2903

Malware in sbrugna...

The vulnerability of the eLearning Server 4G system management and development system lies in the lack of checks on the input data for HTML tags. This allows a malicious individual to alter the main text of web pages or execute arbitrary code in the user’s browser.

The vulnerability of the eLearning Server 4G system management and development system is related to the lack of checks on the input data for the presence of HTML tags including a tag containing JavaScript code. Exploiting this vulnerability could allow an attacker to modify the main text of the...

The vulnerability of the eLearning Server 4G system in terms of access control deficiencies allows an intruder to gain access to the user’s file storage.

The vulnerability of the eLearning Server 4G system for managing learning and development is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to gain access to the user’s file storage by replacing the parameters of the current user’s identifie...

The vulnerability of the eLearning Server 4G system management and development framework lies in the lack of checks on input data for HTML tags. This allows attackers to alter settings in users’ personal dashboards or execute arbitrary codes.

The vulnerability of the eLearning Server 4G system management and development framework lies in the lack of checks on the input data for the presence of HTML tags, including a tag containing JavaScript code. Exploiting this vulnerability could allow an attacker to modify the settings of a user’s...

elearning server 4g Multiple Vulnerabilities

No description provided by source. Exploit Title: eLearning Server Multiple Remote Vulnerabilities Google Dork: intitle:eLearning Server Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://www.hypermethod.ru/ Version: 4G Tested on: Microsoft...

CVE-2012-2924

PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2012-2923

SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter...

Sql injection

SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2012-2923

SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter...

CVE-2012-2923

The provided data confirms CVE-2012-2923 as a SQL injection in Hypermethod eLearning Server 4G, specifically in news.php4 via the nid parameter. Exploitation could allow remote attackers to execute arbitrary SQL commands, impacting data confidentiality and integrity; the base CVSS score is 7.5 (H...

CVE-2012-2924

PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVE-2012-2924

CVE-2012-2924 affects Hypermethod eLearning Server 4G. Vulnerability: PHP remote file inclusion in admin/setup.inc.php allows an attacker to supply a URL in the path parameter to execute arbitrary PHP code on the server. Affected software/component: Hypermethod eLearning Server 4G (admin/setup.in...

eLearning Server 4G Remote File Include and SQL Injection Vulnerabilities

eLearning Server 4G is prone to a remote file-include issue and an SQL- injection issue. A successful exploit may allow an attacker to execute malicious code within the context of the webserver process, compromise the application, access or modify data, or exploit latent vulnerabilities in the...

eLearning Server 4G Multiple Vulnerabilities (May 2012) - Active Check

eLearning Server 4G is prone to a remote file include RFI and an SQL injection SQLi vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

eLearning Server 4G Remote File Inclusion / SQL Injection

Exploit Title: eLearning Server Multiple Remote Vulnerabilities Google Dork: intitle:"eLearning Server" Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://www.hypermethod.ru/ Version: 4G Tested on: Microsoft Windows news.php4 "nid" SQL...

eLearning server 4g - Multiple Vulnerabilities

eLearning server 4g - Multiple Vulnerabilities Exploit Title: eLearning Server Multiple Remote Vulnerabilities Google Dork: intitle:"eLearning Server" Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://www.hypermethod.ru/ Version: 4G Tested on...

eLearning Server 4G Multiple Remote Vulnerabilities

Exploit for php platform in category web applications Exploit Title: eLearning Server Multiple Remote Vulnerabilities Google Dork: intitle:"eLearning Server" Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://www.hypermethod.ru/ Version: 4G...

eLearning server 4g - Multiple Vulnerabilities

Exploit Title: eLearning Server Multiple Remote Vulnerabilities Google Dork: intitle:"eLearning Server" Date: 10.05.2012 Author: Eugene Salov, Andrey Komarov Group-IB, http://group-ib.ru Software Link: http://www.hypermethod.ru/ Version: 4G Tested on: Microsoft Windows news.php4 "nid" SQL...