Search criteria
8 vulnerabilities found for blackboard_academic_suite by blackboard
CVE-2008-3421 (GCVE-0-2008-3421)
Vulnerability from nvd – Published: 2008-07-31 17:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020559"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ceaseless.ws/bb-csrf/"
},
{
"name": "blackboard-unspecified-csrf(43986)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"
},
{
"name": "31177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020559"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ceaseless.ws/bb-csrf/"
},
{
"name": "blackboard-unspecified-csrf(43986)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"
},
{
"name": "31177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020559"
},
{
"name": "http://ceaseless.ws/bb-csrf/",
"refsource": "MISC",
"url": "http://ceaseless.ws/bb-csrf/"
},
{
"name": "blackboard-unspecified-csrf(43986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"
},
{
"name": "31177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3421",
"datePublished": "2008-07-31T17:00:00",
"dateReserved": "2008-07-31T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1883 (GCVE-0-2008-1883)
Vulnerability from nvd – Published: 2008-04-18 15:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
},
{
"name": "3810",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3810"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
},
{
"name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
},
{
"name": "blackboard-client-information-disclosure(41935)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
},
{
"name": "3810",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3810"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
},
{
"name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
},
{
"name": "blackboard-client-information-disclosure(41935)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite",
"refsource": "MISC",
"url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
},
{
"name": "3810",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3810"
},
{
"name": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/",
"refsource": "MISC",
"url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
},
{
"name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
},
{
"name": "blackboard-client-information-disclosure(41935)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1883",
"datePublished": "2008-04-18T15:00:00",
"dateReserved": "2008-04-18T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3914 (GCVE-0-2006-3914)
Vulnerability from nvd – Published: 2006-07-28 00:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1295",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1295"
},
{
"name": "20060720 Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440888/100/0/threaded"
},
{
"name": "blackboard-test-textbox-xss(27895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27895"
},
{
"name": "1016556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016556"
},
{
"name": "19101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via \"View Attempt Details\" in the Gradebook."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1295",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1295"
},
{
"name": "20060720 Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440888/100/0/threaded"
},
{
"name": "blackboard-test-textbox-xss(27895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27895"
},
{
"name": "1016556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016556"
},
{
"name": "19101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via \"View Attempt Details\" in the Gradebook."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1295",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1295"
},
{
"name": "20060720 Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440888/100/0/threaded"
},
{
"name": "blackboard-test-textbox-xss(27895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27895"
},
{
"name": "1016556",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016556"
},
{
"name": "19101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3914",
"datePublished": "2006-07-28T00:00:00",
"dateReserved": "2006-07-27T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0511 (GCVE-0-2006-0511)
Vulnerability from nvd – Published: 2006-02-01 23:00 – Updated: 2024-08-07 16:41 Disputed
VLAI?
Summary
Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:27.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16438"
},
{
"name": "20060202 Re: Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"
},
{
"name": "20060201 Re: Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"
},
{
"name": "20060201 Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"
},
{
"name": "28023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16438"
},
{
"name": "20060202 Re: Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"
},
{
"name": "20060201 Re: Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"
},
{
"name": "20060201 Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"
},
{
"name": "28023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28023"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16438"
},
{
"name": "20060202 Re: Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"
},
{
"name": "20060201 Re: Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"
},
{
"name": "20060201 Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"
},
{
"name": "28023",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0511",
"datePublished": "2006-02-01T23:00:00",
"dateReserved": "2006-02-01T00:00:00",
"dateUpdated": "2024-08-07T16:41:27.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3421 (GCVE-0-2008-3421)
Vulnerability from cvelistv5 – Published: 2008-07-31 17:00 – Updated: 2024-08-07 09:37
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:37:26.900Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1020559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020559"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://ceaseless.ws/bb-csrf/"
},
{
"name": "blackboard-unspecified-csrf(43986)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"
},
{
"name": "31177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1020559",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020559"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://ceaseless.ws/bb-csrf/"
},
{
"name": "blackboard-unspecified-csrf(43986)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"
},
{
"name": "31177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020559",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020559"
},
{
"name": "http://ceaseless.ws/bb-csrf/",
"refsource": "MISC",
"url": "http://ceaseless.ws/bb-csrf/"
},
{
"name": "blackboard-unspecified-csrf(43986)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43986"
},
{
"name": "31177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3421",
"datePublished": "2008-07-31T17:00:00",
"dateReserved": "2008-07-31T00:00:00",
"dateUpdated": "2024-08-07T09:37:26.900Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1883 (GCVE-0-2008-1883)
Vulnerability from cvelistv5 – Published: 2008-04-18 15:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.905Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
},
{
"name": "3810",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3810"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
},
{
"name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
},
{
"name": "blackboard-client-information-disclosure(41935)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
},
{
"name": "3810",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3810"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
},
{
"name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
},
{
"name": "blackboard-client-information-disclosure(41935)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite",
"refsource": "MISC",
"url": "http://www.scribd.com/doc/2363025/Hacking-Blackboard-Academic-Suite"
},
{
"name": "3810",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3810"
},
{
"name": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/",
"refsource": "MISC",
"url": "http://secskill.wordpress.com/2008/03/27/hacking-blackboard-academic-suite-2/"
},
{
"name": "20080326 Blackboard Academic Suite Multiple XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490096/100/0/threaded"
},
{
"name": "blackboard-client-information-disclosure(41935)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41935"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1883",
"datePublished": "2008-04-18T15:00:00",
"dateReserved": "2008-04-18T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.905Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3914 (GCVE-0-2006-3914)
Vulnerability from cvelistv5 – Published: 2006-07-28 00:00 – Updated: 2024-08-07 18:48
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1295",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1295"
},
{
"name": "20060720 Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440888/100/0/threaded"
},
{
"name": "blackboard-test-textbox-xss(27895)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27895"
},
{
"name": "1016556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016556"
},
{
"name": "19101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19101"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via \"View Attempt Details\" in the Gradebook."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1295",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1295"
},
{
"name": "20060720 Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440888/100/0/threaded"
},
{
"name": "blackboard-test-textbox-xss(27895)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27895"
},
{
"name": "1016556",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016556"
},
{
"name": "19101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19101"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via \"View Attempt Details\" in the Gradebook."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1295",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1295"
},
{
"name": "20060720 Blackboard Academic Suite 6.2.23 +/-: Persistent cross-site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440888/100/0/threaded"
},
{
"name": "blackboard-test-textbox-xss(27895)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27895"
},
{
"name": "1016556",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016556"
},
{
"name": "19101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19101"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3914",
"datePublished": "2006-07-28T00:00:00",
"dateReserved": "2006-07-27T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-0511 (GCVE-0-2006-0511)
Vulnerability from cvelistv5 – Published: 2006-02-01 23:00 – Updated: 2024-08-07 16:41 Disputed
VLAI?
Summary
Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:27.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16438",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16438"
},
{
"name": "20060202 Re: Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"
},
{
"name": "20060201 Re: Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"
},
{
"name": "20060201 Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"
},
{
"name": "28023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28023"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16438",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16438"
},
{
"name": "20060202 Re: Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"
},
{
"name": "20060201 Re: Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"
},
{
"name": "20060201 Blackboard Authentication Error",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"
},
{
"name": "28023",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28023"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0511",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that \"This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16438"
},
{
"name": "20060202 Re: Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423778/100/0/threaded"
},
{
"name": "20060201 Re: Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423686/100/0/threaded"
},
{
"name": "20060201 Blackboard Authentication Error",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/423654/100/0/threaded"
},
{
"name": "28023",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28023"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0511",
"datePublished": "2006-02-01T23:00:00",
"dateReserved": "2006-02-01T00:00:00",
"dateUpdated": "2024-08-07T16:41:27.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}