15 matches found
EUVD-2017-12228
Malware in sbrugna...
U.S. General Services Administration: IDOR at training.smartpay.gsa.gov/reports/quizzes-taken-by-user
Hey, I found an IDOR that allow anyone view other user result by changing USERID parameter. /reports/quizzes-taken-by-user.csv/USERID Step to Produce: Go to the Section quizzes-taken-by-user as Shown in the Screenshot attached. Step 2: Click on Download CSV. Step 3 Intercept the Request using the...
Adobe Captivate Remote Code Execution Vulnerability
Adobe Captivate is a rapid response authoring tool for creating eLearning content such as software demos, software simulations, branching scenarios and randomized quizzes in .swf and HTML5 formats. A remote code execution vulnerability exists in the quiz reporting feature of Adobe Captivate, whic...
CVE-2017-3087
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate...
CVE-2017-3098
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server...
Information disclosure
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate...
Remote code execution
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server...
CVE-2017-3087
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate...
CVE-2017-3098
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server...
CVE-2017-3098
Adobe Captivate versions 9 and earlier have a remote code execution vulnerability in the quiz reporting feature that could be abused to read and write arbitrary files to the server...
CVE-2017-3087
Adobe Captivate
CVE-2017-3087
Adobe Captivate versions 9 and earlier have an information disclosure vulnerability resulting from abuse of the quiz reporting feature in Captivate...
CVE-2017-3098
Adobe Captivate
Adobe Captivate Quiz Reporting Feature 'internalServerReporting.php' File Upload RCE
The Adobe Captivate application running on the remote web server is affected by a remote code execution vulnerability in the quiz reporting feature within the 'internalServerReporting.php' script due to improper sanitization and verification of uploaded files before placing them in a...
Moodle 'mod/quiz/report/statistics/statistics_question_table.php' cross-site scripting vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A cross-site scripting vulnerability exists in the Moodle 'mod/quiz/report/statistics/statisticsquestiontable.php' script. A remote...