CVE-2021-41242

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...

CVE-2021-41242

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...

CVE-2021-39180

OpenOLAT is a web-based learning management system LMS. A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user e.g. the tomcat user. Depending...

CVE-2021-39180

OpenOLAT is affected by a path traversal vulnerability (CVE-2021-39180) in versions before 15.3.18, 15.5.3, and 16.0.0. An attacker with an OpenOLAT user account can upload a specially crafted ZIP and trigger unzip, enabling overwriting files writable by the application server user (e.g., Tomcat)...

MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS <= 3.10.7/3.9.9-->

-------------------------------------------------------------------------------------- MULTIPLE ARBITRARY INFORMATION DISCLOSURE AND EDITION --ILIAS LMS = 3.10.7/3.9.9-- -------------------------------------------------------------------------------------- CMS INFORMATION: --WEB:...