Search criteria
28 vulnerabilities found for atutor by adaptive_technology_resource_centre
CVE-2007-0381 (GCVE-0-2007-0381)
Vulnerability from nvd – Published: 2007-01-19 23:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://osvdb.org/34660 | vdb-entryx_refsource_OSVDB |
| http://www.atutor.ca/atutor/mantis/changelog_page.php | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.hackers.ir/advisories/festival.txt | x_refsource_MISC |
Date Public
2007-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:29.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.atutor.ca/atutor/mantis/changelog_page.php"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.atutor.ca/atutor/mantis/changelog_page.php"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34660",
"refsource": "OSVDB",
"url": "http://osvdb.org/34660"
},
{
"name": "http://www.atutor.ca/atutor/mantis/changelog_page.php",
"refsource": "MISC",
"url": "http://www.atutor.ca/atutor/mantis/changelog_page.php"
},
{
"name": "20070118 The vulnerabilities festival !",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"name": "http://www.hackers.ir/advisories/festival.txt",
"refsource": "MISC",
"url": "http://www.hackers.ir/advisories/festival.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0381",
"datePublished": "2007-01-19T23:00:00.000Z",
"dateReserved": "2007-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:29.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5734 (GCVE-0-2006-5734)
Vulnerability from nvd – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/1823 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/20634 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/449233/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:54.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "atutor-section-file-include(29693)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29693"
},
{
"name": "1823",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1823"
},
{
"name": "20634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20634"
},
{
"name": "20061019 ATutor 1.5.3.2=\u003e Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449233/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "atutor-section-file-include(29693)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29693"
},
{
"name": "1823",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1823"
},
{
"name": "20634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20634"
},
{
"name": "20061019 ATutor 1.5.3.2=\u003e Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449233/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "atutor-section-file-include(29693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29693"
},
{
"name": "1823",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1823"
},
{
"name": "20634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20634"
},
{
"name": "20061019 ATutor 1.5.3.2=\u003e Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449233/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5734",
"datePublished": "2006-11-06T18:00:00.000Z",
"dateReserved": "2006-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:54.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3996 (GCVE-0-2006-3996)
Vulnerability from nvd – Published: 2006-08-05 00:00 – Updated: 2024-08-07 18:48
VLAI
Summary
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21308 | third-party-advisoryx_refsource_SECUNIA |
| http://retrogod.altervista.org/atutor_1531_sql.html | x_refsource_MISC |
| http://securityreason.com/securityalert/1330 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/19232 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://atutor.ca/news.php#010806 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/3074 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/27665 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/441711/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/2088 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-07-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/atutor_1531_sql.html"
},
{
"name": "1330",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1330"
},
{
"name": "19232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19232"
},
{
"name": "atutor-orderby-sql-injection(28082)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://atutor.ca/news.php#010806"
},
{
"name": "ADV-2006-3074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3074"
},
{
"name": "27665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27665"
},
{
"name": "20060730 ATutor \u003c= 1.5.3.1 \u0027links\u0027 blind SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441711/100/0/threaded"
},
{
"name": "2088",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/atutor_1531_sql.html"
},
{
"name": "1330",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1330"
},
{
"name": "19232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19232"
},
{
"name": "atutor-orderby-sql-injection(28082)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://atutor.ca/news.php#010806"
},
{
"name": "ADV-2006-3074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3074"
},
{
"name": "27665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27665"
},
{
"name": "20060730 ATutor \u003c= 1.5.3.1 \u0027links\u0027 blind SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441711/100/0/threaded"
},
{
"name": "2088",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21308"
},
{
"name": "http://retrogod.altervista.org/atutor_1531_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/atutor_1531_sql.html"
},
{
"name": "1330",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1330"
},
{
"name": "19232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19232"
},
{
"name": "atutor-orderby-sql-injection(28082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082"
},
{
"name": "http://atutor.ca/news.php#010806",
"refsource": "MISC",
"url": "http://atutor.ca/news.php#010806"
},
{
"name": "ADV-2006-3074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3074"
},
{
"name": "27665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27665"
},
{
"name": "20060730 ATutor \u003c= 1.5.3.1 \u0027links\u0027 blind SQL injection / admin credentials disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441711/100/0/threaded"
},
{
"name": "2088",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3996",
"datePublished": "2006-08-05T00:00:00.000Z",
"dateReserved": "2006-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3821 (GCVE-0-2006-3821)
Vulnerability from nvd – Published: 2006-07-25 00:00 – Updated: 2024-08-07 18:48
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/displayvuln.php?osvdb_id=28187 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/439873/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/439522 | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/21008 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/28186 | vdb-entryx_refsource_OSVDB |
Date Public
2006-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=28187"
},
{
"name": "atutor-registration-xss(27619)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27619"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439522"
},
{
"name": "21008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21008"
},
{
"name": "28186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=28187"
},
{
"name": "atutor-registration-xss(27619)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27619"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439522"
},
{
"name": "21008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21008"
},
{
"name": "28186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28187",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=28187"
},
{
"name": "atutor-registration-xss(27619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27619"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439522"
},
{
"name": "21008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21008"
},
{
"name": "28186",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3821",
"datePublished": "2006-07-25T00:00:00.000Z",
"dateReserved": "2006-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3662 (GCVE-0-2006-3662)
Vulnerability from nvd – Published: 2006-07-17 21:00 – Updated: 2024-08-07 18:39 Disputed
VLAI
Summary
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/28188 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/18898 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/440837/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/439873/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "atutor-index-sql-injection(27620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html"
},
{
"name": "28188",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28188"
},
{
"name": "18898",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18898"
},
{
"name": "20060721 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440837/100/100/threaded"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states \"The mentioned SQL injection vulnerability is not possible.\" However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "atutor-index-sql-injection(27620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html"
},
{
"name": "28188",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28188"
},
{
"name": "18898",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18898"
},
{
"name": "20060721 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440837/100/100/threaded"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states \"The mentioned SQL injection vulnerability is not possible.\" However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "atutor-index-sql-injection(27620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html"
},
{
"name": "28188",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28188"
},
{
"name": "18898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18898"
},
{
"name": "20060721 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440837/100/100/threaded"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3662",
"datePublished": "2006-07-17T21:00:00.000Z",
"dateReserved": "2006-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:53.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3484 (GCVE-0-2006-3484)
Vulnerability from nvd – Published: 2006-07-10 20:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/2691 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/27021 | vdb-entryx_refsource_OSVDB |
| http://www.atutor.ca/view/3/8341/1.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/20941 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/27020 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/27023 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/27022 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/18857 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/27019 | vdb-entryx_refsource_OSVDB |
Date Public
2006-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2691",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2691"
},
{
"name": "27021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.atutor.ca/view/3/8341/1.html"
},
{
"name": "20941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20941"
},
{
"name": "27020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27020"
},
{
"name": "27023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27023"
},
{
"name": "27022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27022"
},
{
"name": "18857",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18857"
},
{
"name": "27019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-07-15T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2691",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2691"
},
{
"name": "27021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.atutor.ca/view/3/8341/1.html"
},
{
"name": "20941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20941"
},
{
"name": "27020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27020"
},
{
"name": "27023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27023"
},
{
"name": "27022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27022"
},
{
"name": "18857",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18857"
},
{
"name": "27019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2691",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2691"
},
{
"name": "27021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27021"
},
{
"name": "http://www.atutor.ca/view/3/8341/1.html",
"refsource": "CONFIRM",
"url": "http://www.atutor.ca/view/3/8341/1.html"
},
{
"name": "20941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20941"
},
{
"name": "27020",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27020"
},
{
"name": "27023",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27023"
},
{
"name": "27022",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27022"
},
{
"name": "18857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18857"
},
{
"name": "27019",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3484",
"datePublished": "2006-07-10T20:00:00.000Z",
"dateReserved": "2006-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:33.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4155 (GCVE-0-2005-4155)
Vulnerability from nvd – Published: 2005-12-11 02:00 – Updated: 2024-08-07 23:38
VLAI
Summary
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securitytracker.com/alerts/2005/Nov/1015166.html | vdb-entryx_refsource_SECTRACK |
| http://rgod.altervista.org/atutor151pl2.html | x_refsource_MISC |
| http://www.osvdb.org/20851 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/15355/ | vdb-entryx_refsource_BID |
Date Public
2005-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2005/Nov/1015166.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/atutor151pl2.html"
},
{
"name": "20851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20851"
},
{
"name": "15355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15355/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2005/Nov/1015166.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/atutor151pl2.html"
},
{
"name": "20851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20851"
},
{
"name": "15355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15355/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015166",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2005/Nov/1015166.html"
},
{
"name": "http://rgod.altervista.org/atutor151pl2.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/atutor151pl2.html"
},
{
"name": "20851",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20851"
},
{
"name": "15355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15355/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4155",
"datePublished": "2005-12-11T02:00:00.000Z",
"dateReserved": "2005-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3404 (GCVE-0-2005-3404)
Vulnerability from nvd – Published: 2005-11-01 11:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=113043022821049&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2005/2228 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/16915/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/20346 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/20345 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/123 | third-party-advisoryx_refsource_SREASON |
| http://securitytracker.com/id?1015165 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/15221 | vdb-entryx_refsource_BID |
| http://secunia.com/secunia_research/2005-55/advisory/ | x_refsource_MISC |
Date Public
2005-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20346"
},
{
"name": "20345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20345"
},
{
"name": "123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15221"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20346"
},
{
"name": "20345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20345"
},
{
"name": "123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15221"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20346",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20346"
},
{
"name": "20345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20345"
},
{
"name": "123",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15221"
},
{
"name": "http://secunia.com/secunia_research/2005-55/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3404",
"datePublished": "2005-11-01T11:00:00.000Z",
"dateReserved": "2005-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3403 (GCVE-0-2005-3403)
Vulnerability from nvd – Published: 2005-11-01 11:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=113043022821049&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2005/2228 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/16915/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/20348 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/20349 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/123 | third-party-advisoryx_refsource_SREASON |
| http://securitytracker.com/id?1015165 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/15221 | vdb-entryx_refsource_BID |
| http://atutor.ca/view/3/6158/1.html | x_refsource_CONFIRM |
| http://secunia.com/secunia_research/2005-55/advisory/ | x_refsource_MISC |
| http://www.osvdb.org/20347 | vdb-entryx_refsource_OSVDB |
Date Public
2005-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20348"
},
{
"name": "20349",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20349"
},
{
"name": "123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://atutor.ca/view/3/6158/1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
},
{
"name": "20347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20348"
},
{
"name": "20349",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20349"
},
{
"name": "123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://atutor.ca/view/3/6158/1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
},
{
"name": "20347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20348",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20348"
},
{
"name": "20349",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20349"
},
{
"name": "123",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15221"
},
{
"name": "http://atutor.ca/view/3/6158/1.html",
"refsource": "CONFIRM",
"url": "http://atutor.ca/view/3/6158/1.html"
},
{
"name": "http://secunia.com/secunia_research/2005-55/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
},
{
"name": "20347",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3403",
"datePublished": "2005-11-01T11:00:00.000Z",
"dateReserved": "2005-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2955 (GCVE-0-2005-2955)
Vulnerability from nvd – Published: 2005-09-16 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=112671176100432&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://rgod.altervista.org/atutor151.html | x_refsource_MISC |
Date Public
2005-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/atutor151.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/atutor151.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "http://rgod.altervista.org/atutor151.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/atutor151.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2955",
"datePublished": "2005-09-16T04:00:00.000Z",
"dateReserved": "2005-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2956 (GCVE-0-2005-2956)
Vulnerability from nvd – Published: 2005-09-16 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/9 | third-party-advisoryx_refsource_SREASON |
| http://marc.info/?l=bugtraq&m=112671176100432&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://rgod.altervista.org/atutor151.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/14832 | vdb-entryx_refsource_BID |
Date Public
2005-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/9"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"name": "14832",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/9"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"name": "14832",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14832"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/9"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "http://rgod.altervista.org/atutor151.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"name": "14832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14832"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2956",
"datePublished": "2005-09-16T04:00:00.000Z",
"dateReserved": "2005-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2954 (GCVE-0-2005-2954)
Vulnerability from nvd – Published: 2005-09-16 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/14831 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/16813/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/19411 | vdb-entryx_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=112671176100432&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2005/1751 | vdb-entryx_refsource_VUPEN |
| http://rgod.altervista.org/atutor151.html | x_refsource_MISC |
| http://www.atutor.ca/news.php#150905 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14831"
},
{
"name": "16813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16813/"
},
{
"name": "19411",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19411"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "ADV-2005-1751",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1751"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.atutor.ca/news.php#150905"
},
{
"name": "atutor-passwordreminder-sql-injection(22282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14831"
},
{
"name": "16813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16813/"
},
{
"name": "19411",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19411"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "ADV-2005-1751",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1751"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.atutor.ca/news.php#150905"
},
{
"name": "atutor-passwordreminder-sql-injection(22282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14831"
},
{
"name": "16813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16813/"
},
{
"name": "19411",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19411"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "ADV-2005-1751",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1751"
},
{
"name": "http://rgod.altervista.org/atutor151.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"name": "http://www.atutor.ca/news.php#150905",
"refsource": "CONFIRM",
"url": "http://www.atutor.ca/news.php#150905"
},
{
"name": "atutor-passwordreminder-sql-injection(22282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2954",
"datePublished": "2005-09-16T04:00:00.000Z",
"dateReserved": "2005-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2649 (GCVE-0-2005-2649)
Vulnerability from nvd – Published: 2005-08-21 04:00 – Updated: 2024-08-07 22:45
VLAI
Summary
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/408521 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/14598 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/16496 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:01.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050818 ATutor 1.5.1 and prior multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/408521"
},
{
"name": "atutor-login-search-xss(21910)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21910"
},
{
"name": "14598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14598"
},
{
"name": "16496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16496"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050818 ATutor 1.5.1 and prior multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/408521"
},
{
"name": "atutor-login-search-xss(21910)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21910"
},
{
"name": "14598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14598"
},
{
"name": "16496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16496"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050818 ATutor 1.5.1 and prior multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408521"
},
{
"name": "atutor-login-search-xss(21910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21910"
},
{
"name": "14598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14598"
},
{
"name": "16496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16496"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2649",
"datePublished": "2005-08-21T04:00:00.000Z",
"dateReserved": "2005-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:45:01.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2044 (GCVE-0-2005-2044)
Vulnerability from nvd – Published: 2005-06-22 04:00 – Updated: 2024-09-17 00:21
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014216 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/17356 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17351 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17354 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17355 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17359 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17358 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17352 | vdb-entryx_refsource_OSVDB |
| http://lostmon.blogspot.com/2005/06/atutor-multip… | x_refsource_MISC |
| http://www.securityfocus.com/bid/13972 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/17353 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17357 | vdb-entryx_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014216",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014216"
},
{
"name": "17356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17356"
},
{
"name": "17351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17351"
},
{
"name": "17354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17354"
},
{
"name": "17355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17355"
},
{
"name": "17359",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17359"
},
{
"name": "17358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17358"
},
{
"name": "17352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html"
},
{
"name": "13972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13972"
},
{
"name": "17353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17353"
},
{
"name": "17357",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17357"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-22T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014216",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014216"
},
{
"name": "17356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17356"
},
{
"name": "17351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17351"
},
{
"name": "17354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17354"
},
{
"name": "17355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17355"
},
{
"name": "17359",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17359"
},
{
"name": "17358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17358"
},
{
"name": "17352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html"
},
{
"name": "13972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13972"
},
{
"name": "17353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17353"
},
{
"name": "17357",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17357"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014216",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014216"
},
{
"name": "17356",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17356"
},
{
"name": "17351",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17351"
},
{
"name": "17354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17354"
},
{
"name": "17355",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17355"
},
{
"name": "17359",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17359"
},
{
"name": "17358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17358"
},
{
"name": "17352",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17352"
},
{
"name": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html"
},
{
"name": "13972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13972"
},
{
"name": "17353",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17353"
},
{
"name": "17357",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17357"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2044",
"datePublished": "2005-06-22T04:00:00.000Z",
"dateReserved": "2005-06-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:37.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-0381 (GCVE-0-2007-0381)
Vulnerability from cvelistv5 – Published: 2007-01-19 23:00 – Updated: 2024-08-07 12:19
VLAI
Summary
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://osvdb.org/34660 | vdb-entryx_refsource_OSVDB |
| http://www.atutor.ca/atutor/mantis/changelog_page.php | x_refsource_MISC |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.hackers.ir/advisories/festival.txt | x_refsource_MISC |
Date Public
2007-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:19:29.779Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34660"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.atutor.ca/atutor/mantis/changelog_page.php"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-11-13T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34660",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34660"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.atutor.ca/atutor/mantis/changelog_page.php"
},
{
"name": "20070118 The vulnerabilities festival !",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hackers.ir/advisories/festival.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34660",
"refsource": "OSVDB",
"url": "http://osvdb.org/34660"
},
{
"name": "http://www.atutor.ca/atutor/mantis/changelog_page.php",
"refsource": "MISC",
"url": "http://www.atutor.ca/atutor/mantis/changelog_page.php"
},
{
"name": "20070118 The vulnerabilities festival !",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html"
},
{
"name": "http://www.hackers.ir/advisories/festival.txt",
"refsource": "MISC",
"url": "http://www.hackers.ir/advisories/festival.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0381",
"datePublished": "2007-01-19T23:00:00.000Z",
"dateReserved": "2007-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:19:29.779Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5734 (GCVE-0-2006-5734)
Vulnerability from cvelistv5 – Published: 2006-11-06 18:00 – Updated: 2024-08-07 20:04
VLAI
Summary
Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/1823 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/20634 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/449233/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:54.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "atutor-section-file-include(29693)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29693"
},
{
"name": "1823",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1823"
},
{
"name": "20634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20634"
},
{
"name": "20061019 ATutor 1.5.3.2=\u003e Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449233/100/200/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "atutor-section-file-include(29693)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29693"
},
{
"name": "1823",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1823"
},
{
"name": "20634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20634"
},
{
"name": "20061019 ATutor 1.5.3.2=\u003e Remote File Include Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/449233/100/200/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. NOTE: the print.php vector is already covered by CVE-2005-3404."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "atutor-section-file-include(29693)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29693"
},
{
"name": "1823",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1823"
},
{
"name": "20634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20634"
},
{
"name": "20061019 ATutor 1.5.3.2=\u003e Remote File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/449233/100/200/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5734",
"datePublished": "2006-11-06T18:00:00.000Z",
"dateReserved": "2006-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:54.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3996 (GCVE-0-2006-3996)
Vulnerability from cvelistv5 – Published: 2006-08-05 00:00 – Updated: 2024-08-07 18:48
VLAI
Summary
SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
10 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/21308 | third-party-advisoryx_refsource_SECUNIA |
| http://retrogod.altervista.org/atutor_1531_sql.html | x_refsource_MISC |
| http://securityreason.com/securityalert/1330 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/19232 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://atutor.ca/news.php#010806 | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2006/3074 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/27665 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/441711/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/2088 | exploitx_refsource_EXPLOIT-DB |
Date Public
2006-07-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://retrogod.altervista.org/atutor_1531_sql.html"
},
{
"name": "1330",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1330"
},
{
"name": "19232",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19232"
},
{
"name": "atutor-orderby-sql-injection(28082)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://atutor.ca/news.php#010806"
},
{
"name": "ADV-2006-3074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3074"
},
{
"name": "27665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27665"
},
{
"name": "20060730 ATutor \u003c= 1.5.3.1 \u0027links\u0027 blind SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/441711/100/0/threaded"
},
{
"name": "2088",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/2088"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://retrogod.altervista.org/atutor_1531_sql.html"
},
{
"name": "1330",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1330"
},
{
"name": "19232",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19232"
},
{
"name": "atutor-orderby-sql-injection(28082)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://atutor.ca/news.php#010806"
},
{
"name": "ADV-2006-3074",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3074"
},
{
"name": "27665",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27665"
},
{
"name": "20060730 ATutor \u003c= 1.5.3.1 \u0027links\u0027 blind SQL injection / admin credentials disclosure",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/441711/100/0/threaded"
},
{
"name": "2088",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/2088"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21308"
},
{
"name": "http://retrogod.altervista.org/atutor_1531_sql.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/atutor_1531_sql.html"
},
{
"name": "1330",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1330"
},
{
"name": "19232",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19232"
},
{
"name": "atutor-orderby-sql-injection(28082)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28082"
},
{
"name": "http://atutor.ca/news.php#010806",
"refsource": "MISC",
"url": "http://atutor.ca/news.php#010806"
},
{
"name": "ADV-2006-3074",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3074"
},
{
"name": "27665",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27665"
},
{
"name": "20060730 ATutor \u003c= 1.5.3.1 \u0027links\u0027 blind SQL injection / admin credentials disclosure",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441711/100/0/threaded"
},
{
"name": "2088",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/2088"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3996",
"datePublished": "2006-08-05T00:00:00.000Z",
"dateReserved": "2006-08-04T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3821 (GCVE-0-2006-3821)
Vulnerability from cvelistv5 – Published: 2006-07-25 00:00 – Updated: 2024-08-07 18:48
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/displayvuln.php?osvdb_id=28187 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/439873/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/439522 | mailing-listx_refsource_BUGTRAQ |
| http://secunia.com/advisories/21008 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/28186 | vdb-entryx_refsource_OSVDB |
Date Public
2006-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=28187"
},
{
"name": "atutor-registration-xss(27619)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27619"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439522"
},
{
"name": "21008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21008"
},
{
"name": "28186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28186"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28187",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=28187"
},
{
"name": "atutor-registration-xss(27619)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27619"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439522"
},
{
"name": "21008",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21008"
},
{
"name": "28186",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28186"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28187",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=28187"
},
{
"name": "atutor-registration-xss(27619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27619"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439522"
},
{
"name": "21008",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21008"
},
{
"name": "28186",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28186"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3821",
"datePublished": "2006-07-25T00:00:00.000Z",
"dateReserved": "2006-07-24T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:48:39.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3662 (GCVE-0-2006-3662)
Vulnerability from cvelistv5 – Published: 2006-07-17 21:00 – Updated: 2024-08-07 18:39 Disputed
VLAI
Summary
SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.osvdb.org/28188 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/18898 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/440837/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/archive/1/439873/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2006-07-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.650Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "atutor-index-sql-injection(27620)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html"
},
{
"name": "28188",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28188"
},
{
"name": "18898",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18898"
},
{
"name": "20060721 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440837/100/100/threaded"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states \"The mentioned SQL injection vulnerability is not possible.\" However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "atutor-index-sql-injection(27620)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html"
},
{
"name": "28188",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28188"
},
{
"name": "18898",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18898"
},
{
"name": "20060721 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440837/100/100/threaded"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states \"The mentioned SQL injection vulnerability is not possible.\" However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "atutor-index-sql-injection(27620)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27620"
},
{
"name": "20060708 ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0096.html"
},
{
"name": "28188",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28188"
},
{
"name": "18898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18898"
},
{
"name": "20060721 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440837/100/100/threaded"
},
{
"name": "20060711 Re: ATutor 1.5.3 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439873/100/100/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3662",
"datePublished": "2006-07-17T21:00:00.000Z",
"dateReserved": "2006-07-17T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:39:53.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3484 (GCVE-0-2006-3484)
Vulnerability from cvelistv5 – Published: 2006-07-10 20:00 – Updated: 2024-08-07 18:30
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2006/2691 | vdb-entryx_refsource_VUPEN |
| http://www.osvdb.org/27021 | vdb-entryx_refsource_OSVDB |
| http://www.atutor.ca/view/3/8341/1.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/20941 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/27020 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/27023 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/27022 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/18857 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/27019 | vdb-entryx_refsource_OSVDB |
Date Public
2006-07-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-2691",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2691"
},
{
"name": "27021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27021"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.atutor.ca/view/3/8341/1.html"
},
{
"name": "20941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20941"
},
{
"name": "27020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27020"
},
{
"name": "27023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27023"
},
{
"name": "27022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27022"
},
{
"name": "18857",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18857"
},
{
"name": "27019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-07-15T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-2691",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2691"
},
{
"name": "27021",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27021"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.atutor.ca/view/3/8341/1.html"
},
{
"name": "20941",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20941"
},
{
"name": "27020",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27020"
},
{
"name": "27023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27023"
},
{
"name": "27022",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27022"
},
{
"name": "18857",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18857"
},
{
"name": "27019",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-2691",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2691"
},
{
"name": "27021",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27021"
},
{
"name": "http://www.atutor.ca/view/3/8341/1.html",
"refsource": "CONFIRM",
"url": "http://www.atutor.ca/view/3/8341/1.html"
},
{
"name": "20941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20941"
},
{
"name": "27020",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27020"
},
{
"name": "27023",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27023"
},
{
"name": "27022",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27022"
},
{
"name": "18857",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18857"
},
{
"name": "27019",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3484",
"datePublished": "2006-07-10T20:00:00.000Z",
"dateReserved": "2006-07-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T18:30:33.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4155 (GCVE-0-2005-4155)
Vulnerability from cvelistv5 – Published: 2005-12-11 02:00 – Updated: 2024-08-07 23:38
VLAI
Summary
registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securitytracker.com/alerts/2005/Nov/1015166.html | vdb-entryx_refsource_SECTRACK |
| http://rgod.altervista.org/atutor151pl2.html | x_refsource_MISC |
| http://www.osvdb.org/20851 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/15355/ | vdb-entryx_refsource_BID |
Date Public
2005-11-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:38:51.228Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1015166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2005/Nov/1015166.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/atutor151pl2.html"
},
{
"name": "20851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20851"
},
{
"name": "15355",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15355/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1015166",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2005/Nov/1015166.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/atutor151pl2.html"
},
{
"name": "20851",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20851"
},
{
"name": "15355",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15355/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a vulnerability in ATutor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015166",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2005/Nov/1015166.html"
},
{
"name": "http://rgod.altervista.org/atutor151pl2.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/atutor151pl2.html"
},
{
"name": "20851",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20851"
},
{
"name": "15355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15355/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4155",
"datePublished": "2005-12-11T02:00:00.000Z",
"dateReserved": "2005-12-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:38:51.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3404 (GCVE-0-2005-3404)
Vulnerability from cvelistv5 – Published: 2005-11-01 11:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=113043022821049&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2005/2228 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/16915/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/20346 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/20345 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/123 | third-party-advisoryx_refsource_SREASON |
| http://securitytracker.com/id?1015165 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/15221 | vdb-entryx_refsource_BID |
| http://secunia.com/secunia_research/2005-55/advisory/ | x_refsource_MISC |
Date Public
2005-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20346"
},
{
"name": "20345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20345"
},
{
"name": "123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15221"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20346",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20346"
},
{
"name": "20345",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20345"
},
{
"name": "123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15221"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3404",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20346",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20346"
},
{
"name": "20345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20345"
},
{
"name": "123",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15221"
},
{
"name": "http://secunia.com/secunia_research/2005-55/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3404",
"datePublished": "2005-11-01T11:00:00.000Z",
"dateReserved": "2005-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3403 (GCVE-0-2005-3403)
Vulnerability from cvelistv5 – Published: 2005-11-01 11:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=113043022821049&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2005/2228 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/16915/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/20348 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/20349 | vdb-entryx_refsource_OSVDB |
| http://securityreason.com/securityalert/123 | third-party-advisoryx_refsource_SREASON |
| http://securitytracker.com/id?1015165 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/15221 | vdb-entryx_refsource_BID |
| http://atutor.ca/view/3/6158/1.html | x_refsource_CONFIRM |
| http://secunia.com/secunia_research/2005-55/advisory/ | x_refsource_MISC |
| http://www.osvdb.org/20347 | vdb-entryx_refsource_OSVDB |
Date Public
2005-10-27 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.316Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20348"
},
{
"name": "20349",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20349"
},
{
"name": "123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://atutor.ca/view/3/6158/1.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
},
{
"name": "20347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20347"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20348",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20348"
},
{
"name": "20349",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20349"
},
{
"name": "123",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://atutor.ca/view/3/6158/1.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
},
{
"name": "20347",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20347"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3403",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051027 Secunia Research: ATutor Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=113043022821049\u0026w=2"
},
{
"name": "ADV-2005-2228",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2228"
},
{
"name": "16915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16915/"
},
{
"name": "20348",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20348"
},
{
"name": "20349",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20349"
},
{
"name": "123",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/123"
},
{
"name": "1015165",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015165"
},
{
"name": "15221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15221"
},
{
"name": "http://atutor.ca/view/3/6158/1.html",
"refsource": "CONFIRM",
"url": "http://atutor.ca/view/3/6158/1.html"
},
{
"name": "http://secunia.com/secunia_research/2005-55/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-55/advisory/"
},
{
"name": "20347",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20347"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3403",
"datePublished": "2005-11-01T11:00:00.000Z",
"dateReserved": "2005-11-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:08.316Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2955 (GCVE-0-2005-2955)
Vulnerability from cvelistv5 – Published: 2005-09-16 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://marc.info/?l=bugtraq&m=112671176100432&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://rgod.altervista.org/atutor151.html | x_refsource_MISC |
Date Public
2005-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/atutor151.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/atutor151.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "http://rgod.altervista.org/atutor151.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/atutor151.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2955",
"datePublished": "2005-09-16T04:00:00.000Z",
"dateReserved": "2005-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2956 (GCVE-0-2005-2956)
Vulnerability from cvelistv5 – Published: 2005-09-16 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/9 | third-party-advisoryx_refsource_SREASON |
| http://marc.info/?l=bugtraq&m=112671176100432&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://rgod.altervista.org/atutor151.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/14832 | vdb-entryx_refsource_BID |
Date Public
2005-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.938Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "9",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/9"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"name": "14832",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14832"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "9",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/9"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"name": "14832",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14832"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/9"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "http://rgod.altervista.org/atutor151.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"name": "14832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14832"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2956",
"datePublished": "2005-09-16T04:00:00.000Z",
"dateReserved": "2005-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2954 (GCVE-0-2005-2954)
Vulnerability from cvelistv5 – Published: 2005-09-16 04:00 – Updated: 2024-08-07 22:53
VLAI
Summary
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/14831 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/16813/ | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/19411 | vdb-entryx_refsource_OSVDB |
| http://marc.info/?l=bugtraq&m=112671176100432&w=2 | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2005/1751 | vdb-entryx_refsource_VUPEN |
| http://rgod.altervista.org/atutor151.html | x_refsource_MISC |
| http://www.atutor.ca/news.php#150905 | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2005-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.657Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "14831",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14831"
},
{
"name": "16813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16813/"
},
{
"name": "19411",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19411"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "ADV-2005-1751",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1751"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.atutor.ca/news.php#150905"
},
{
"name": "atutor-passwordreminder-sql-injection(22282)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "14831",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14831"
},
{
"name": "16813",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16813/"
},
{
"name": "19411",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19411"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "ADV-2005-1751",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1751"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.atutor.ca/news.php#150905"
},
{
"name": "atutor-passwordreminder-sql-injection(22282)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14831"
},
{
"name": "16813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16813/"
},
{
"name": "19411",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19411"
},
{
"name": "20050914 ATutor 1.5.1 SQL Injection / Admin credentials disclosure / Information disclosure / User impersonation / Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112671176100432\u0026w=2"
},
{
"name": "ADV-2005-1751",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1751"
},
{
"name": "http://rgod.altervista.org/atutor151.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/atutor151.html"
},
{
"name": "http://www.atutor.ca/news.php#150905",
"refsource": "CONFIRM",
"url": "http://www.atutor.ca/news.php#150905"
},
{
"name": "atutor-passwordreminder-sql-injection(22282)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2954",
"datePublished": "2005-09-16T04:00:00.000Z",
"dateReserved": "2005-09-16T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:53:29.657Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2649 (GCVE-0-2005-2649)
Vulnerability from cvelistv5 – Published: 2005-08-21 04:00 – Updated: 2024-08-07 22:45
VLAI
Summary
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/408521 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/14598 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/16496 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-08-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:45:01.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050818 ATutor 1.5.1 and prior multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/408521"
},
{
"name": "atutor-login-search-xss(21910)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21910"
},
{
"name": "14598",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14598"
},
{
"name": "16496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16496"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-08-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050818 ATutor 1.5.1 and prior multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/408521"
},
{
"name": "atutor-login-search-xss(21910)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21910"
},
{
"name": "14598",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14598"
},
{
"name": "16496",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16496"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050818 ATutor 1.5.1 and prior multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408521"
},
{
"name": "atutor-login-search-xss(21910)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21910"
},
{
"name": "14598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14598"
},
{
"name": "16496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16496"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2649",
"datePublished": "2005-08-21T04:00:00.000Z",
"dateReserved": "2005-08-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T22:45:01.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-2044 (GCVE-0-2005-2044)
Vulnerability from cvelistv5 – Published: 2005-06-22 04:00 – Updated: 2024-09-17 00:21
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://securitytracker.com/id?1014216 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/17356 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17351 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17354 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17355 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17359 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17358 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17352 | vdb-entryx_refsource_OSVDB |
| http://lostmon.blogspot.com/2005/06/atutor-multip… | x_refsource_MISC |
| http://www.securityfocus.com/bid/13972 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/17353 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/17357 | vdb-entryx_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014216",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014216"
},
{
"name": "17356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17356"
},
{
"name": "17351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17351"
},
{
"name": "17354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17354"
},
{
"name": "17355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17355"
},
{
"name": "17359",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17359"
},
{
"name": "17358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17358"
},
{
"name": "17352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17352"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html"
},
{
"name": "13972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13972"
},
{
"name": "17353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17353"
},
{
"name": "17357",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/17357"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-22T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014216",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014216"
},
{
"name": "17356",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17356"
},
{
"name": "17351",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17351"
},
{
"name": "17354",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17354"
},
{
"name": "17355",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17355"
},
{
"name": "17359",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17359"
},
{
"name": "17358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17358"
},
{
"name": "17352",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17352"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html"
},
{
"name": "13972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13972"
},
{
"name": "17353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17353"
},
{
"name": "17357",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/17357"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014216",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014216"
},
{
"name": "17356",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17356"
},
{
"name": "17351",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17351"
},
{
"name": "17354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17354"
},
{
"name": "17355",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17355"
},
{
"name": "17359",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17359"
},
{
"name": "17358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17358"
},
{
"name": "17352",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17352"
},
{
"name": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html"
},
{
"name": "13972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13972"
},
{
"name": "17353",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17353"
},
{
"name": "17357",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17357"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2044",
"datePublished": "2005-06-22T04:00:00.000Z",
"dateReserved": "2005-06-21T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:21:37.469Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}