CVE-2007-5227

Multiple cross-site scripting XSS vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the 1 subjectt and 2 bodytext parameters. NOTE: vector 2...

CVE-2007-5227

Affected software: Blackboard Learning System 6.3.1.593 and earlier Blackboard Academic Suite. Vulnerability: cross-site scripting in messaging/course/composeMessage.jsp; exploitable via the subject_t and body_text parameters (vector 2 bypasses a client-side filter). Impact: allows remote attacke...

blsXSS.txt

----------------------------------------------------------------------------------------- Found by: PrOtOn & digi7al64 Date: May 20th 2006 Critical Level: High Type: Multiple Cross Site Scripting XSS vunerabilities...

CVE-2006-4308

CVE-2006-4308 describes multiple cross-site scripting (XSS) vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4. The issue allows remote attackers to inject arbitrary Javascript, VBScript, or HTML via (1) data, (2) vbscr...

CVE-2006-4308

Multiple cross-site scripting XSS vulnerabilities in Blackboard Learning System 6, Blackboard Learning and Community Portal Suite 6.2.3.23, and Blackboard Vista 4 allow remote attackers to inject arbitrary Javascript, VBScript, or HTML via 1 data, 2 vbscript, and 3 malformed javascript URIs in...

CVE-2005-4338

The CVE-2005-4338 entry affects Blackboard Learning and Community Portal System (Academic Suite) versions 6.3.1.424, 6.2.3.23, and earlier 6.x. The vulnerability, as described in multiple feeds, allows remote attackers to gain administrator privileges by setting the context parameter to "admin". ...

CVE-2005-4206

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to...

CVE-2005-4206

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to...

blackboardLS.txt

Advisory: Blackboard Learning System - Stealing documents out of the digital dropbox ========================================================================== Blackboard ---------- The Blackboard Learning System is a Web-based server software platform that offers course management. More...

Blackboard Learning System - Stealing documents out of the digital dropbox

Advisory: Blackboard Learning System - Stealing documents out of the digital dropbox ========================================================================== Blackboard ---------- The Blackboard Learning System is a Web-based server software platform that offers course management. More...

BlackBoard Learning System 6.0 - Dropbox File Download

source: https://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. The application does not verify that the files requested for download are...

BlackBoard Learning System 6.0 - Dropbox File Download

BlackBoard Learning System 6.0 - Dropbox File Download source: https://www.securityfocus.com/bid/10515/info It is reported that Blackboard improperly allows users to download files posted in the 'Digital Dropbox'. Files in the dropbox are intended for the course administrators. The application do...

BlackBoard Learning System 5.x/6.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/10101/info Blackboard Learning System has been reported prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly validate user supplied URI input. The first issue is reported to affect the...

Blackboard 5.x Password Retrieval

-- Overview Through the exploitation of a SQL injection vulnerability it is possible for an unauthenticated user to query the Blackboard user directory and: - Enumerate users with a given password. - Extract the MD5 password of any given user. Blackboard Learning System 5.x, level 1 and 2 are...