300 matches found
Hacking AI-Graded Tests
The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis...
Hacking AI-Graded Tests
The company Edgenuity sells AI systems for grading tests. Turns out that they just search for keywords without doing any actual semantic analysis...
CVE-2020-8203
Prototype pollution attack when using .zipObjectDeep in lodash before 4.17.20...
Submitty 20.04.01 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Submitty 20.04.01 - Persistent Cross-Site Scripting Exploit Author: humblelad Vendor Homepage: http://submitty.org/ Software Link: https://github.com/Submitty/Submitty/releases Version: 20.04.01 Tested on: Mac Os Catalina CVE :...
Sourcecodester Online Grading System SQL Injection Vulnerability
Sourcecodester Online Grading System is a student information management system. The system provides functions such as student information management and online grading. A SQL injection vulnerability exists in the Sourcecodester Online Grading System. An attacker can exploit this vulnerability to...
Sourcecodester Online Grading System Cross-Site Request Forgery Vulnerability
Sourcecodester Online Grading System is a student information management system. The system provides functions such as student information management and online grading. A cross-site request forgery vulnerability exists in the Sourcecodester Online Grading System. An attacker could use this...
CVE-2019-18344
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page id or classid parameter...
CVE-2019-18344
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page id or classid parameter...
Sql injection
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page id or classid parameter...
CVE-2019-18344
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page id or classid parameter...
CVE-2019-18344
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection. The flaw allows remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user pages (id or classid parameters). Affected component: Online Grading System 1.0...
CVE-2019-18280
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the...
CVE-2019-18280
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the...
Cross site request forgery (csrf)
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the...
CVE-2019-18280
CVE-2019-18280 affects Sourcecodester Online Grading System 1.0. The vulnerability is a CSRF weakness due to lack of CSRF protection, allowing an attacker to trick an administrator into executing actions via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/co...
CVE-2019-18280
Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the...
Apple Updates Privacy Policies After Siri Audio Recording Backlash
Apple is taking steps to improve the privacy of audio collected by its Siri voice assistant, on the heels of backlash around a program that let contractors listen into Siri conversations. On Wednesday, the phone giant apologized for violating users’ privacy through the program, which was...
Apple Suspends Siri Program After Privacy Backlash
Apple is suspending a program that lets contractors listen in on Siri voice recordings after facing a rain of backlash regarding the privacy implications of the program. The suspension comes after a report in The Guardian last week outlining how contractors regularly listen to intimate voice...
Cross-Site Scripting (XSS)
Moodle is vulnerable to cross-site scriptingXSS attacks. The attacks are possible because the application does not use the RISKXSS flag in mod/quiz/db/access.php, allowing attackers to use this loophole when providing gradebook feedback for manual quiz grading...
Multiple Cross-Site Request Forgery (CSRF)
Moodle is vulnerable to multiple cross-site request forgery CSRF attacks. The attacks exist because mod/assign/locallib.php does not properly handle session checking in Assignment's quick-grading, allowing any authenticated user to perform the attacks...