183 matches found
CVE-2023-32317
Autolab’s CVE-2023-32317 describes a tar-slip vulnerability in the MOSS cheat checker. An authenticated instructor can upload a crafted tar file via either the Base File Tar or Additional file archive inputs, causing expansion of archive contents to attacker-controlled paths (e.g., ../../../../tm...
PT-2023-23952 · Autolab · Autolab
Name of the Vulnerable Software and Affected Versions: Autolab versions prior to 2.11.0 Description: A Tar slip vulnerability was found in the Install assessment functionality of Autolab, a course management service for auto-graded programming assignments. To exploit this issue, an authenticated...
CVE-2022-41955 Autolab is vulnerable to remote code execution (RCE) via MOSS functionality
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...
CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
Labtainers - A Docker-based Cyber Lab Framework
Labtainers include more than 50 cyber lab exercises and tools to build your own. Import a single VM appliance or install on a Linux system and your students are done with provisioning and administrative setup, for these and future lab exercises. Consistent lab execution environments and automated...
Moodle allows attackers to modify "Exclude grade" settings
The grade-reporting feature in Singleview aka Single View in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing...
CVE-2020-11511
The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter...
Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin did not escape the Summary field of Announcements when outputting it in an attribute, which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege...
Weak password vulnerability in School of Continuing Education's online learning video system
Online video learning system has weak passwords for instructor accounts url: http://61.129.84.42:86/login.aspx?errtype=1 weak password account: teacher weak password password: 123456...
CVE-2020-13146
Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...
LearnPress < 3.2.6.9 - Privilege Escalation to "LP Instructor"
The LearnPress plugin through 3.2.6.8 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. The "LP Instructor" role grants the "unfilteredhtml" capability, allowing an escalated user to insert posts containing...
LearnPress < 3.2.6.7 - Privilege Escalation
Any authenticated user can change its role to an instructor/teacher and gain access to otherwise restricted data...
Applied ThreadFix: Getting the Most Out of Your Training Investment
As we talked about in an earlier blog post, secure coding training for developers can be expensive. Knowledgeable individuals who are adept at training are relatively rare. Quality training materials are expensive to develop and maintain. For these reasons, solid commercial instructor-led trainin...
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
Exploit Title: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Date: 2020-01-30 Vendor Homepage: https://www.themeum.com/product/tutor-lms/ Vendor Changelog: https://wordpress.org/plugins/tutor/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...
CVE-2020-8615
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors...
CVE-2020-8615
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors...
CVE-2020-8615
A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors...
Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)
Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery CSRF attacks. As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...
Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)
Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery CSRF attacks. PoC As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...
Design/Logic Flaw
ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...