Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
12 vulnerabilities found for open_source_learning_and_knowledge_management_tool by dokeos
CVE-2008-1223 (GCVE-0-2008-1223)
Vulnerability from nvd – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2008/0798 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/29254 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28121 | vdb-entryx_refsource_BID |
| http://projects.dokeos.com/index.php?do=details&t… | x_refsource_CONFIRM |
| http://www.dokeos.com/wiki/index.php/Security | x_refsource_CONFIRM |
Date Public
2008-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dokeos-unspecified-code-execution(41048)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41048"
},
{
"name": "ADV-2008-0798",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dokeos-unspecified-code-execution(41048)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41048"
},
{
"name": "ADV-2008-0798",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dokeos-unspecified-code-execution(41048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41048"
},
{
"name": "ADV-2008-0798",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28121"
},
{
"name": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312",
"refsource": "CONFIRM",
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"name": "http://www.dokeos.com/wiki/index.php/Security",
"refsource": "CONFIRM",
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1223",
"datePublished": "2008-03-10T17:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1222 (GCVE-0-2008-1222)
Vulnerability from nvd – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/0798 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/29254 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28121 | vdb-entryx_refsource_BID |
| http://projects.dokeos.com/index.php?do=details&t… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.dokeos.com/wiki/index.php/Security | x_refsource_CONFIRM |
Date Public
2008-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:33.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0798",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"name": "dokeos-unspecified-xss(41046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0798",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"name": "dokeos-unspecified-xss(41046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0798",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28121"
},
{
"name": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312",
"refsource": "CONFIRM",
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"name": "dokeos-unspecified-xss(41046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046"
},
{
"name": "http://www.dokeos.com/wiki/index.php/Security",
"refsource": "CONFIRM",
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1222",
"datePublished": "2008-03-10T17:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:33.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6574 (GCVE-0-2007-6574)
Vulnerability from nvd – Published: 2007-12-28 21:00 – Updated: 2024-08-07 16:11
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3481 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/39771 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39772 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/485458/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/39773 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/26992 | vdb-entryx_refsource_BID |
Date Public
2007-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:05.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3481",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3481"
},
{
"name": "39771",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39771"
},
{
"name": "39772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39772"
},
{
"name": "20071222 [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485458/100/0/threaded"
},
{
"name": "39773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39773"
},
{
"name": "26992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3481",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3481"
},
{
"name": "39771",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39771"
},
{
"name": "39772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39772"
},
{
"name": "20071222 [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485458/100/0/threaded"
},
{
"name": "39773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39773"
},
{
"name": "26992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3481",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3481"
},
{
"name": "39771",
"refsource": "OSVDB",
"url": "http://osvdb.org/39771"
},
{
"name": "39772",
"refsource": "OSVDB",
"url": "http://osvdb.org/39772"
},
{
"name": "20071222 [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485458/100/0/threaded"
},
{
"name": "39773",
"refsource": "OSVDB",
"url": "http://osvdb.org/39773"
},
{
"name": "26992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6574",
"datePublished": "2007-12-28T21:00:00.000Z",
"dateReserved": "2007-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:05.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2889 (GCVE-0-2007-2889)
Vulnerability from nvd – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
VLAI
Summary
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/3980 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/38061 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/24136 | vdb-entryx_refsource_BID |
Date Public
2007-05-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dokeos-courselog-sql-injection(34483)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34483"
},
{
"name": "3980",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3980"
},
{
"name": "38061",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38061"
},
{
"name": "24136",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dokeos-courselog-sql-injection(34483)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34483"
},
{
"name": "3980",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3980"
},
{
"name": "38061",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38061"
},
{
"name": "24136",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dokeos-courselog-sql-injection(34483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34483"
},
{
"name": "3980",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3980"
},
{
"name": "38061",
"refsource": "OSVDB",
"url": "http://osvdb.org/38061"
},
{
"name": "24136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2889",
"datePublished": "2007-05-30T01:00:00.000Z",
"dateReserved": "2007-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4844 (GCVE-0-2006-4844)
Vulnerability from nvd – Published: 2006-09-19 01:00 – Updated: 2024-08-07 19:23
VLAI
Summary
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.claroline.net/wiki/index.php/Changelog… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20056 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/3638 | vdb-entryx_refsource_VUPEN |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/21948 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/21931 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3639 | vdb-entryx_refsource_VUPEN |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
Date Public
2006-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8"
},
{
"name": "20056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20056"
},
{
"name": "ADV-2006-3638",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3638"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006\u0026"
},
{
"name": "claroline-claro-file-include(28943)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28943"
},
{
"name": "21948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21948"
},
{
"name": "21931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21931"
},
{
"name": "ADV-2006-3639",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3639"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8"
},
{
"name": "20056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20056"
},
{
"name": "ADV-2006-3638",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3638"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006\u0026"
},
{
"name": "claroline-claro-file-include(28943)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28943"
},
{
"name": "21948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21948"
},
{
"name": "21931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21931"
},
{
"name": "ADV-2006-3639",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3639"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8",
"refsource": "CONFIRM",
"url": "http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8"
},
{
"name": "20056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20056"
},
{
"name": "ADV-2006-3638",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3638"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006\u0026",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006\u0026"
},
{
"name": "claroline-claro-file-include(28943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28943"
},
{
"name": "21948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21948"
},
{
"name": "21931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21931"
},
{
"name": "ADV-2006-3639",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3639"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4844",
"datePublished": "2006-09-19T01:00:00.000Z",
"dateReserved": "2006-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2285 (GCVE-0-2006-2285)
Vulnerability from nvd – Published: 2006-05-09 23:00 – Updated: 2024-08-07 17:43
VLAI
Summary
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19980 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1016089 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/25437 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/433247/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/1680 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/856 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/17915 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/bid/17873 | vdb-entryx_refsource_BID |
Date Public
2006-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19980",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19980"
},
{
"name": "1016089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016089"
},
{
"name": "25437",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25437"
},
{
"name": "20060508 Dokeos Learning Management System 1.6.4 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433247/100/0/threaded"
},
{
"name": "dokeos-authldap-file-include(26274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26274"
},
{
"name": "ADV-2006-1680",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1680"
},
{
"name": "856",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/856"
},
{
"name": "17915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17915"
},
{
"name": "17873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19980",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19980"
},
{
"name": "1016089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016089"
},
{
"name": "25437",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25437"
},
{
"name": "20060508 Dokeos Learning Management System 1.6.4 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433247/100/0/threaded"
},
{
"name": "dokeos-authldap-file-include(26274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26274"
},
{
"name": "ADV-2006-1680",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1680"
},
{
"name": "856",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/856"
},
{
"name": "17915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17915"
},
{
"name": "17873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19980"
},
{
"name": "1016089",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016089"
},
{
"name": "25437",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25437"
},
{
"name": "20060508 Dokeos Learning Management System 1.6.4 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433247/100/0/threaded"
},
{
"name": "dokeos-authldap-file-include(26274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26274"
},
{
"name": "ADV-2006-1680",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1680"
},
{
"name": "856",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/856"
},
{
"name": "17915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17915"
},
{
"name": "17873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2285",
"datePublished": "2006-05-09T23:00:00.000Z",
"dateReserved": "2006-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:28.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1223 (GCVE-0-2008-1223)
Vulnerability from cvelistv5 – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2008/0798 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/29254 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28121 | vdb-entryx_refsource_BID |
| http://projects.dokeos.com/index.php?do=details&t… | x_refsource_CONFIRM |
| http://www.dokeos.com/wiki/index.php/Security | x_refsource_CONFIRM |
Date Public
2008-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dokeos-unspecified-code-execution(41048)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41048"
},
{
"name": "ADV-2008-0798",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dokeos-unspecified-code-execution(41048)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41048"
},
{
"name": "ADV-2008-0798",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1223",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dokeos-unspecified-code-execution(41048)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41048"
},
{
"name": "ADV-2008-0798",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28121"
},
{
"name": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312",
"refsource": "CONFIRM",
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"name": "http://www.dokeos.com/wiki/index.php/Security",
"refsource": "CONFIRM",
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1223",
"datePublished": "2008-03-10T17:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:34.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1222 (GCVE-0-2008-1222)
Vulnerability from cvelistv5 – Published: 2008-03-10 17:00 – Updated: 2024-08-07 08:17
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.vupen.com/english/advisories/2008/0798 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/29254 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28121 | vdb-entryx_refsource_BID |
| http://projects.dokeos.com/index.php?do=details&t… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.dokeos.com/wiki/index.php/Security | x_refsource_CONFIRM |
Date Public
2008-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:33.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-0798",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28121"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"name": "dokeos-unspecified-xss(41046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-0798",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28121"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"name": "dokeos-unspecified-xss(41046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-0798",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0798"
},
{
"name": "29254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29254"
},
{
"name": "28121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28121"
},
{
"name": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312",
"refsource": "CONFIRM",
"url": "http://projects.dokeos.com/index.php?do=details\u0026task_id=2312"
},
{
"name": "dokeos-unspecified-xss(41046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41046"
},
{
"name": "http://www.dokeos.com/wiki/index.php/Security",
"refsource": "CONFIRM",
"url": "http://www.dokeos.com/wiki/index.php/Security"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1222",
"datePublished": "2008-03-10T17:00:00.000Z",
"dateReserved": "2008-03-10T00:00:00.000Z",
"dateUpdated": "2024-08-07T08:17:33.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6574 (GCVE-0-2007-6574)
Vulnerability from cvelistv5 – Published: 2007-12-28 21:00 – Updated: 2024-08-07 16:11
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3481 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/39771 | vdb-entryx_refsource_OSVDB |
| http://osvdb.org/39772 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/485458/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/39773 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/26992 | vdb-entryx_refsource_BID |
Date Public
2007-12-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:05.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3481",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3481"
},
{
"name": "39771",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39771"
},
{
"name": "39772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39772"
},
{
"name": "20071222 [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485458/100/0/threaded"
},
{
"name": "39773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39773"
},
{
"name": "26992",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26992"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3481",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3481"
},
{
"name": "39771",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39771"
},
{
"name": "39772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39772"
},
{
"name": "20071222 [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485458/100/0/threaded"
},
{
"name": "39773",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39773"
},
{
"name": "26992",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26992"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a display_upload_form action, or the forum parameter to (2) forum/viewforum.php or (3) forum/viewthread.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3481",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3481"
},
{
"name": "39771",
"refsource": "OSVDB",
"url": "http://osvdb.org/39771"
},
{
"name": "39772",
"refsource": "OSVDB",
"url": "http://osvdb.org/39772"
},
{
"name": "20071222 [HSC] Dokeos Multiple Cross-Site Scripting Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485458/100/0/threaded"
},
{
"name": "39773",
"refsource": "OSVDB",
"url": "http://osvdb.org/39773"
},
{
"name": "26992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26992"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6574",
"datePublished": "2007-12-28T21:00:00.000Z",
"dateReserved": "2007-12-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:11:05.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2889 (GCVE-0-2007-2889)
Vulnerability from cvelistv5 – Published: 2007-05-30 01:00 – Updated: 2024-08-07 13:57
VLAI
Summary
SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| https://www.exploit-db.com/exploits/3980 | exploitx_refsource_EXPLOIT-DB |
| http://osvdb.org/38061 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/24136 | vdb-entryx_refsource_BID |
Date Public
2007-05-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dokeos-courselog-sql-injection(34483)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34483"
},
{
"name": "3980",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/3980"
},
{
"name": "38061",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/38061"
},
{
"name": "24136",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24136"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-10T00:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dokeos-courselog-sql-injection(34483)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34483"
},
{
"name": "3980",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/3980"
},
{
"name": "38061",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/38061"
},
{
"name": "24136",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24136"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 and earlier allows remote attackers to execute arbitrary SQL commands via the scormcontopen parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dokeos-courselog-sql-injection(34483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34483"
},
{
"name": "3980",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/3980"
},
{
"name": "38061",
"refsource": "OSVDB",
"url": "http://osvdb.org/38061"
},
{
"name": "24136",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24136"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2889",
"datePublished": "2007-05-30T01:00:00.000Z",
"dateReserved": "2007-05-29T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:57:54.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4844 (GCVE-0-2006-4844)
Vulnerability from cvelistv5 – Published: 2006-09-19 01:00 – Updated: 2024-08-07 19:23
VLAI
Summary
PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.claroline.net/wiki/index.php/Changelog… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/20056 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/3638 | vdb-entryx_refsource_VUPEN |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/21948 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/21931 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2006/3639 | vdb-entryx_refsource_VUPEN |
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
Date Public
2006-09-14 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.218Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8"
},
{
"name": "20056",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20056"
},
{
"name": "ADV-2006-3638",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3638"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006\u0026"
},
{
"name": "claroline-claro-file-include(28943)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28943"
},
{
"name": "21948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21948"
},
{
"name": "21931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21931"
},
{
"name": "ADV-2006-3639",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3639"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-14T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8"
},
{
"name": "20056",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20056"
},
{
"name": "ADV-2006-3638",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3638"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006\u0026"
},
{
"name": "claroline-claro-file-include(28943)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28943"
},
{
"name": "21948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21948"
},
{
"name": "21931",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21931"
},
{
"name": "ADV-2006-3639",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3639"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in inc/claro_init_local.inc.php in Claroline 1.7.7 and earlier, as used in Dokeos and possibly other products, allows remote attackers to execute arbitrary PHP code via a URL in the extAuthSource[newUser] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8",
"refsource": "CONFIRM",
"url": "http://www.claroline.net/wiki/index.php/Changelog_1.7.x#Modification_between_claroline_1.7.7_and_1.7.8"
},
{
"name": "20056",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20056"
},
{
"name": "ADV-2006-3638",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3638"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006\u0026",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006\u0026"
},
{
"name": "claroline-claro-file-include(28943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28943"
},
{
"name": "21948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21948"
},
{
"name": "21931",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21931"
},
{
"name": "ADV-2006-3639",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3639"
},
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00112-09142006"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4844",
"datePublished": "2006-09-19T01:00:00.000Z",
"dateReserved": "2006-09-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T19:23:41.218Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2285 (GCVE-0-2006-2285)
Vulnerability from cvelistv5 – Published: 2006-05-09 23:00 – Updated: 2024-08-07 17:43
VLAI
Summary
PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/19980 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1016089 | vdb-entryx_refsource_SECTRACK |
| http://www.osvdb.org/25437 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/433247/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2006/1680 | vdb-entryx_refsource_VUPEN |
| http://securityreason.com/securityalert/856 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/17915 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/bid/17873 | vdb-entryx_refsource_BID |
Date Public
2006-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:43:28.963Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19980",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19980"
},
{
"name": "1016089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016089"
},
{
"name": "25437",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25437"
},
{
"name": "20060508 Dokeos Learning Management System 1.6.4 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/433247/100/0/threaded"
},
{
"name": "dokeos-authldap-file-include(26274)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26274"
},
{
"name": "ADV-2006-1680",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1680"
},
{
"name": "856",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/856"
},
{
"name": "17915",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17915"
},
{
"name": "17873",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17873"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19980",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19980"
},
{
"name": "1016089",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016089"
},
{
"name": "25437",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25437"
},
{
"name": "20060508 Dokeos Learning Management System 1.6.4 Remote File Include",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/433247/100/0/threaded"
},
{
"name": "dokeos-authldap-file-include(26274)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26274"
},
{
"name": "ADV-2006-1680",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1680"
},
{
"name": "856",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/856"
},
{
"name": "17915",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17915"
},
{
"name": "17873",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17873"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in authldap.php in Dokeos 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the includePath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19980"
},
{
"name": "1016089",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016089"
},
{
"name": "25437",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25437"
},
{
"name": "20060508 Dokeos Learning Management System 1.6.4 Remote File Include",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/433247/100/0/threaded"
},
{
"name": "dokeos-authldap-file-include(26274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26274"
},
{
"name": "ADV-2006-1680",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1680"
},
{
"name": "856",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/856"
},
{
"name": "17915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17915"
},
{
"name": "17873",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17873"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2285",
"datePublished": "2006-05-09T23:00:00.000Z",
"dateReserved": "2006-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:43:28.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}