Lucene search
K

130 matches found

Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.5 views

PT-2023-21082 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the StudentPopupDetails ContactDetails method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For...

7.5CVSS7.4AI score0.00695EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.4 views

PT-2023-21038 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetAssignmentsDue method, allowing unauthenticated attackers to extract sensitive student and teacher data. Recommendations: For...

7.5CVSS7.4AI score0.00508EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.6 views

PT-2023-21037 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetStudentGroupStudents method, allowing unauthenticated attackers to retrieve student and teacher data. Recommendations: For IDWeb...

7.5CVSS7.2AI score0.00508EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.3 views

PT-2023-21084 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to missing authentication in the StudentPopupDetails EmergencyContactDetails method, allowing unauthenticated attackers to extract sensitive student data...

7.5CVSS7.4AI score0.00695EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.4 views

PT-2023-21036 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetActiveToiletPasses method, allowing unauthenticated attackers to retrieve student information. Recommendations: For versions 3.1.0...

7.5CVSS7.5AI score0.00695EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.8 views

PT-2023-21083 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the StudentPopupDetails StudentDetails method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For...

7.5CVSS7.4AI score0.00695EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/10/25 12:0 a.m.6 views

PT-2023-20742 · Idweb · Idweb

Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to missing authentication in the SearchStudentsRFID method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For versions...

7.5CVSS7.3AI score0.00695EPSS
Exploits0References5
HackRead
HackRead
added 2023/09/25 4:35 p.m.32 views

900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data

By Deeba Ahmed Student Data Managing Platform National Student Clearinghouse Confirmed MOVEit Hack Affected 900 US Schools. This is a post from HackRead.com Read the original post: 900 U.S. Schools Hit by MOVEit Hack, Exposing Student Data...

7AI score
Exploits0
Prion
Prion
added 2023/06/08 7:15 p.m.19 views

Improper access control

Incorrect access control in Chamilo 1.11. up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID...

4CVSS4.7AI score0.00411EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.5 views

Faronics Insight 安全漏洞

Faronics Insight is an effective classroom management tool from Faronics Canada. A security vulnerability exists in Faronics Insight version 10.0.19045, which originates from a man-in-the-middle attack executed against a connected student or teacher that can intercept a student's keystrokes or...

7.4CVSS7.3AI score0.00442EPSS
Exploits1References4
Malwarebytes
Malwarebytes
added 2023/04/06 3:0 a.m.18 views

Do cyber regulations actually make K–12 schools safer? Navigating compliance while securing school and student data

Over the last decade, K-12 schools have made great strides in employing technologies that facilitate learning--especially since the onset of pandemic-induced distance education. While students have long since returned to the classroom, digital platforms for instruction, collaboration, and homewor...

7.3AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/09/29 3:15 a.m.4 views

CVE-2021-40695

It was possible for a student to view their quiz grade before it had been released, using a quiz web service...

4.3CVSS5.7AI score0.00853EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.2 views

CVE-2022-2312

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it...

5.4CVSS5.9AI score0.00254EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/08/15 8:37 a.m.35 views

CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...

7.5AI score0.02801EPSS
Exploits2References1
OSV
OSV
added 2022/06/09 4:15 p.m.6 views

CVE-2022-30760

An Insecure Direct Object Reference IDOR issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information final grades, study courses, degrees by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

4.3CVSS5.9AI score0.00904EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/06/09 4:15 p.m.4 views

CVE-2022-30760

An Insecure Direct Object Reference IDOR issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information final grades, study courses, degrees by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

4.3CVSS5.9AI score0.00904EPSS
Exploits1References3
Huntr
Huntr
added 2022/04/17 4:58 a.m.19 views

Improper Access Control on view student list

Description lavsms system provide a feature for teachers to view any student in the systems. The problem is when student also can view the student's list. They also can download the list in pdf or excel. Proof of Concept 1. GET http://lavsms.test/students/list/id Step to reproduce 1. Login as...

1AI score
Exploits0
Prion
Prion
added 2021/08/23 12:15 p.m.17 views

Code injection

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades...

5CVSS7.6AI score0.01625EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2021/08/23 12:0 a.m.6 views

WordPress 插件跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin LMS by LifterLMS â€" Online Course, Membership & Learning Management System Versions prior to 4.21....

7.5CVSS7.1AI score0.01625EPSS
Exploits2References2
OSV
OSV
added 2021/05/24 1:15 p.m.3 views

CVE-2020-25408

A Cross-Site Request Forgery CSRF vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data...

6.5CVSS6.7AI score0.00781EPSS
Exploits0References2
Rows per page
Query Builder