Lucene search
K
Adaptive Technology Resource CentreAtutor

14 matches found

CVE
CVE
added 2005/09/16 4:0 a.m.65 views

CVE-2005-2956

ATutor 1.5.1 (and possibly earlier) stores temporary chat logs under the web document root with insufficient access control and predictable filenames, allowing remote attackers to obtain user chat conversations via direct requests to those files. This CVE entry contains the core detail; no exploi...

5CVSS7.2AI score0.0287EPSS
CVE
CVE
added 2006/11/06 6:0 p.m.64 views

CVE-2006-5734

The CVE-2006-5734 entry describes multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2, exploitable via untrusted URLs passed to specific parameters (1) section in documentation/common/frame_toc.php and documentation/common/search.php; (2) req_lang in documentation/common/search.p...

7.5CVSS7.5AI score0.01381EPSS
Web
CVE
CVE
added 2005/08/21 4:0 a.m.63 views

CVE-2005-2649

CVE-2005-2649 describes a cross-site scripting (XSS) vulnerability in ATutor 1.5.1 that allows remote attackers to inject arbitrary script or HTML via the parameters course in login.php or words in search.php. The CVE is cited with a base score of 4.3 (Medium) on the NVD entry, and multiple conne...

4.3CVSS5.7AI score0.03579EPSS
CVE
CVE
added 2005/11/01 11:0 a.m.61 views

CVE-2005-3403

ATutor

4.3CVSS5.8AI score0.01888EPSS
CVE
CVE
added 2006/07/17 9:0 p.m.56 views

CVE-2006-3662

ATutor 1.5.3 contains a SQL injection in index.php via the fid parameter that could allow remote execution of arbitrary SQL commands. The vendor disputes the vulnerability, but source code analysis suggests it may be legitimate; the parameter is cleansed in version 1.5.3.1. Affected version: ATut...

7.5CVSS8.8AI score0.01226EPSS
CVE
CVE
added 2005/09/16 4:0 a.m.55 views

CVE-2005-2954

CVE-2005-2954 corresponds to an SQL injection vulnerability in ATutor’s password_reminder.php, exploitable via the email field and affecting ATutor prior to 1.5.1 pl1. The issue is described as an input validation flaw in the remote version of ATutor, enabling attackers to manipulate SQL queries....

7.5CVSS8.4AI score0.01748EPSS
CVE
CVE
added 2005/11/01 11:0 a.m.54 views

CVE-2005-3404

CVE-2005-3404 : ATutor versions 1.4.1–1.5.1-pl1 are affected by multiple PHP file inclusion vulnerabilities. An attacker can cause remote inclusion of arbitrary files via the section parameter (with a null byte %00) in body_header.inc.php and print.php. This corresponds to an arbitrary file inclu...

7.5CVSS7AI score0.10319EPSS
CVE
CVE
added 2007/01/19 11:0 p.m.54 views

CVE-2007-0381

ATutor 1.5.3.2 contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via unspecified parameters. The underlying issue is not detailed in the provided documents beyond the vendor-fixed note; no exploitation details are given. The CVE entry in...

7.5CVSS8.6AI score0.01063EPSS
CVE
CVE
added 2005/12/11 2:0 a.m.50 views

CVE-2005-4155

CVE-2005-4155 affects ATutor 1.5.1 pl2: registration.PHP permits remote SQL execution via an e-mail address ending with a NULL character that bypasses the PHP regex check. Root cause: input crafted to defeat validation, enabling arbitrary SQL commands. Impact is remote compromise of ATutor via th...

7.5CVSS8.4AI score0.02678EPSS
CVE
CVE
added 2006/07/10 8:0 p.m.49 views

CVE-2006-3484

ATutor before 1.5.3 is affected by multiple cross-site scripting (XSS) vulnerabilities. The issues allow remote attackers to inject arbitrary web script or HTML via specific parameters: show_courses or current_cat to admin/create_course.php; show_courses to users/create_course.php; p to documenta...

2.6CVSS6AI score0.02643EPSS
Web
CVE
CVE
added 2006/07/25 12:0 a.m.49 views

CVE-2006-3821

ATutor 1.5.3 is affected by multiple XSS flaws (CVE-2006-3821). The vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index_list.php and (2) year, (3) month, and (4) day parameters in registration.php. The NVD entry reports a CVSS v2 base ...

4.3CVSS6AI score0.01325EPSS
CVE
CVE
added 2005/06/22 4:0 a.m.48 views

CVE-2005-2044

CVE-2005-2044 affects ATutor (versions 1.4.3 and 1.5 RC1) with multiple reflected cross-site scripting (XSS) flaws. The vulnerability enables remote attackers to inject arbitrary web script or HTML through a long list of parameters across several pages: show_course (browse.php), subject (contact....

4.3CVSS6AI score0.02908EPSS
Web
CVE
CVE
added 2005/09/16 4:0 a.m.47 views

CVE-2005-2955

ATutor 1.5.1 (and possibly earlier) is affected by CVE-2005-2955 due to an incomplete blacklist in config.inc.php that fails to block dangerous file extensions during upload, allowing authenticated administrators/educators to execute arbitrary code by uploading files with extensions like .inc or ...

4.6CVSS7.9AI score0.00777EPSS
CVE
CVE
added 2006/08/05 12:0 a.m.43 views

CVE-2006-3996

CVE-2006-3996 affects ATutor 1.5.3.1 and earlier in the file links/index.php. The vulnerability is an SQL injection in the desc and asc parameters, allowing remote authenticated users to execute arbitrary SQL commands. The NVD records a CVSS v2 base score of 6.5 (MEDIUM) with network attack vecto...

6.5CVSS8.4AI score0.01725EPSS
Web