
11 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-2748

Malicious code in bioql PyPI...

4 CVSS, 7.3 AI score, 0.01687 EPSS
Exploits 0, References 13
Github Security Blog
added 2022/05/13 1:12 a.m., 19 views

Moodle allows attackers to obtain sensitive course-structure information

lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment...

4 CVSS, 5.9 AI score, 0.01687 EPSS
Exploits 0, References 11, Affected Software 1
Huntr
added 2022/04/27 4:26 a.m., 14 views

Cross-site Scripting (XSS) - Stored via htm file upload

Description rosariosis is vulnerable to Stored XSS in the File upload in Assignments by uploading an htm file with the javascript code inside. Proof-of-Concept phish.htm Test Upload File Test upload alert1 Step to reproduce From attacker side student 1.Login to the demo environment by student...

6.1 AI score
Exploits 0
Hacker One
added 2021/05/26 4:19 p.m., 15 views

Khan Academy: Enumerate all the class codes via google dorking

I used this particular google dork site:khanacademy.org/join/ to enumerate all the links of joining classes. 1. Go to google and use the above query to enumerate all of them. 2. Create the student account by filling all the required details 3. Now you're in the class without being actually invite...

2.4 AI score
Exploits 0
Huntr
added 2021/05/18 1:29 p.m., 19 views

Cross-site Scripting (XSS) - Stored in changeweb/unifiedtransform

✍️ Description Stored Cross Site Scripting in the message/all.blade.php. 🕵️‍♂️ Proof of Concept As a teacher, click on "My Courses" and then "message students". CKEditor hides the underlying where we can add tag or capture the request in a proxy like burpsuite and edit the HTTP POST request. Select...

Exploits 0
Hacker One
added 2021/01/15 3:41 p.m., 23 views

Mail.ru: Full Account Takeover Student Account In https://********.ru/signin/main/student/email

3rd party project with Mail.ru investitions had no sufficient protection against authentication code bruteforce...

2 AI score
Exploits 0
0day.today
added 2020/03/03 12:0 a.m., 140 views

GUnet OpenEclass 1.7.3 E-learning platform - (month) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...

0.1 AI score
Exploits 0
Exploit DB
added 2016/03/30 12:0 a.m., 32 views

ATutor 2.2.1 - Directory Traversal / Remote Code Execution (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'ATutor 2.2.1 Directory Traversal / Remote Code Execution', 'Description' = %q This module exploits a directory traversal...

7.4 AI score
Exploits 0
Metasploit
added 2016/03/22 5:17 p.m., 51 views

ATutor 2.2.1 Directory Traversal / Remote Code Execution

This module exploits a directory traversal vulnerability in ATutor on an Apache/PHP setup with display_errors set to On, which can be used to allow us to upload a malicious ZIP file. On the web application, a blacklist verification is performed before extraction, however it is not sufficient to...

7.4 AI score
Exploits 0
BDU FSTEC
added 2015/08/07 12:0 a.m., 6 views

The vulnerability of the Moodle learning management system allows a perpetrator to gain access to protected information.

The vulnerability of the Moodle learning management system’s sub-component, lib/navigationlib.php, is related to the lack of protection for operational data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information using the student...

4 CVSS, 7.2 AI score, 0.01687 EPSS
Exploits 0, References 4, Affected Software 1
Prion
added 2015/06/01 7:59 p.m., 14 views

Design/Logic Flaw

lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment...

4 CVSS, 6.2 AI score, 0.01687 EPSS
Exploits 0, References 5, Affected Software 1