Adaptive Technology Resource Centre

Atutor

14 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.6

CVE-2005-2955

Exploit
  • EPSS 0.09%
  • Veröffentlicht 16.09.2005 22:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executa...

5

CVE-2005-2956

Exploit
  • EPSS 3.57%
  • Veröffentlicht 16.09.2005 22:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to tho...

4.3

CVE-2005-2649

Exploit
  • EPSS 0.66%
  • Veröffentlicht 23.08.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.

4.3

CVE-2005-2044

Exploit
  • EPSS 1.23%
  • Veröffentlicht 16.06.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to...