Vulnerabilities > Adaptive Technology Resource Centre

DATE	CVE	VULNERABILITY TITLE	RISK
2007-01-19	CVE-2007-0381	SQL-Injection vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2 Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. network low complexity adaptive-technology-resource-centre	7.5
2006-11-06	CVE-2006-5734	Remote File Include vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2 Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. network low complexity adaptive-technology-resource-centre	7.5
2006-08-05	CVE-2006-3996	SQL Injection vulnerability in ATutor SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. network low complexity adaptive-technology-resource-centre	6.5
2006-07-25	CVE-2006-3821	Cross-Site Scripting vulnerability in Atutor Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php. network adaptive-technology-resource-centre	4.3
2006-07-18	CVE-2006-3662	Input Validation vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3 DISPUTED SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. network low complexity adaptive-technology-resource-centre	7.5
2006-07-10	CVE-2006-3484	Cross-Site Scripting vulnerability in ATutor Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a) admin/create_course.php, show_courses parameter to (b) users/create_course.php, (3) p parameter to (c) documentation/admin/, (4) forgot parameter to (d) password_reminder.php, (5) cat parameter to (e) users/browse.php, or the (6) submit parameter to admin/fix_content.php. network high complexity adaptive-technology-resource-centre	2.6
2005-12-11	CVE-2005-4155	Unspecified vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1Pl2 registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. network low complexity adaptive-technology-resource-centre	7.5
2005-11-01	CVE-2005-3405	Input Validation vulnerability in ATutor ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability. network low complexity adaptive-technology-resource-centre	7.5
2005-11-01	CVE-2005-3404	Input Validation vulnerability in ATutor Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php. network low complexity adaptive-technology-resource-centre	7.5
2005-11-01	CVE-2005-3403	Input Validation vulnerability in ATutor Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php. network adaptive-technology-resource-centre	4.3