Lucene search
K

183 matches found

CVE
CVE
added 2023/05/26 10:42 p.m.40 views

CVE-2023-32317

Autolab’s CVE-2023-32317 describes a tar-slip vulnerability in the MOSS cheat checker. An authenticated instructor can upload a crafted tar file via either the Base File Tar or Additional file archive inputs, causing expansion of archive contents to attacker-controlled paths (e.g., ../../../../tm...

7.2CVSS6.7AI score0.00887EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/26 12:0 a.m.4 views

PT-2023-23952 · Autolab · Autolab

Name of the Vulnerable Software and Affected Versions: Autolab versions prior to 2.11.0 Description: A Tar slip vulnerability was found in the Install assessment functionality of Autolab, a course management service for auto-graded programming assignments. To exploit this issue, an authenticated...

7.2CVSS6.7AI score0.00906EPSS
Exploits0References7
Cvelist
Cvelist
added 2023/01/14 12:9 a.m.37 views

CVE-2022-41955 Autolab is vulnerable to remote code execution (RCE) via MOSS functionality

Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...

8.8CVSS9.2AI score0.01495EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/28 12:0 a.m.7 views

CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files

QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...

8.6CVSS7.2AI score0.00951EPSS
Exploits1References3
Kitploit
Kitploit
added 2022/05/30 9:30 p.m.44 views

Labtainers - A Docker-based Cyber Lab Framework

Labtainers include more than 50 cyber lab exercises and tools to build your own. Import a single VM appliance or install on a Linux system and your students are done with provisioning and administrative setup, for these and future lab exercises. Consistent lab execution environments and automated...

7.5AI score
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.22 views

Moodle allows attackers to modify "Exclude grade" settings

The grade-reporting feature in Singleview aka Single View in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing...

4.3CVSS6.3AI score0.01614EPSS
Exploits0References13Affected Software1
OSV
OSV
added 2021/07/30 2:15 p.m.4 views

CVE-2020-11511

The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter...

8.1CVSS5.8AI score0.03209EPSS
Exploits5References4
wpexploit
wpexploit
added 2021/06/28 12:0 a.m.438 views

Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin did not escape the Summary field of Announcements when outputting it in an attribute, which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege...

3.5CVSS0.6AI score0.00747EPSS
Exploits2
CNVD
CNVD
added 2020/07/10 12:0 a.m.2 views

Weak password vulnerability in School of Continuing Education's online learning video system

Online video learning system has weak passwords for instructor accounts url: http://61.129.84.42:86/login.aspx?errtype=1 weak password account: teacher weak password password: 123456...

7.2AI score
Exploits0
NVD
NVD
added 2020/05/18 7:15 p.m.15 views

CVE-2020-13146

Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in CourseInstructorCohorts may contain a formula that is exported via the "CourseData DownloadsReportsDownload profile info" feature...

8.8CVSS8.8AI score0.0109EPSS
Exploits1References1
WPVulnDB
WPVulnDB
added 2020/04/28 12:0 a.m.33 views

LearnPress < 3.2.6.9 - Privilege Escalation to "LP Instructor"

The LearnPress plugin through 3.2.6.8 for WordPress allows remote attackers to escalate the privileges of any user to LP Instructor via the accept-to-be-teacher action parameter. The "LP Instructor" role grants the "unfilteredhtml" capability, allowing an escalated user to insert posts containing...

4.2AI score0.03209EPSS
Exploits5References1Affected Software1
WPVulnDB
WPVulnDB
added 2020/03/16 12:0 a.m.21 views

LearnPress < 3.2.6.7 - Privilege Escalation

Any authenticated user can change its role to an instructor/teacher and gain access to otherwise restricted data...

4CVSS4.1AI score0.01116EPSS
Exploits0Affected Software1
The Coalfire Blog
The Coalfire Blog
added 2020/03/06 1:54 a.m.11 views

Applied ThreadFix: Getting the Most Out of Your Training Investment

As we talked about in an earlier blog post, secure coding training for developers can be expensive. Knowledgeable individuals who are adept at training are relatively rare. Quality training materials are expensive to develop and maintain. For these reasons, solid commercial instructor-led trainin...

3AI score
Exploits0
Exploit DB
Exploit DB
added 2020/03/02 12:0 a.m.192 views

WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Exploit Title: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery Add User Date: 2020-01-30 Vendor Homepage: https://www.themeum.com/product/tutor-lms/ Vendor Changelog: https://wordpress.org/plugins/tutor/developers Exploit Author: Jinson Varghese Behanan Author Advisory:...

6.5CVSS6.5AI score0.0883EPSS
Exploits6
OSV
OSV
added 2020/02/04 8:15 p.m.18 views

CVE-2020-8615

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors...

6.5CVSS6.8AI score0.0883EPSS
Exploits6References5
NVD
NVD
added 2020/02/04 8:15 p.m.32 views

CVE-2020-8615

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors...

6.5CVSS6.5AI score0.0883EPSS
Exploits6References5
Cvelist
Cvelist
added 2020/02/04 7:1 p.m.33 views

CVE-2020-8615

A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker approving themselves as an instructor and performing other malicious actions such as blocking legitimate instructors...

6.5AI score0.0883EPSS
Exploits6References5
wpexploit
wpexploit
added 2020/02/04 12:0 a.m.36 views

Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)

Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery CSRF attacks. As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...

2.6CVSS0.9AI score0.0883EPSS
Exploits6References2
WPVulnDB
WPVulnDB
added 2020/02/04 12:0 a.m.19 views

Tutor LMS < 1.5.3 - Cross-Site Request Forgery (CSRF)

Tutor LMS WordPress plugin is vulnerable to Cross-Site Request Forgery CSRF attacks. PoC As the requests for the approval and blocking of instructors are sent using the GET method, the CSRF attack to approve an attacker-controlled instructor account can be performed by having the admin visit...

2.6CVSS0.5AI score0.0883EPSS
Exploits6References2Affected Software1
Prion
Prion
added 2019/05/17 10:29 p.m.19 views

Design/Logic Flaw

ATutor through 2.2.4 is vulnerable to arbitrary file uploads via the mods/core/backups/upload.php aka backup component. This may result in remote command execution. An attacker can use the instructor account to fully compromise the system using a crafted backup ZIP archive. This will allow for PH...

9CVSS9AI score0.08749EPSS
Exploits3References3Affected Software1
Rows per page
Query Builder