Vulnerabilities > Adaptive Technology Resource Centre > Atutor > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-05 | CVE-2006-3996 | SQL Injection vulnerability in ATutor SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters. | 6.5 |
2006-07-25 | CVE-2006-3821 | Cross-Site Scripting vulnerability in Atutor Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php. | 4.3 |
2005-11-01 | CVE-2005-3403 | Input Validation vulnerability in ATutor Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php. | 4.3 |
2005-09-16 | CVE-2005-2956 | Remote Information Disclosure vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files. | 5.0 |
2005-09-16 | CVE-2005-2955 | Local Security vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others. | 4.6 |
2005-08-23 | CVE-2005-2649 | Cross-Site Scripting vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1 Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php. | 4.3 |
2005-06-16 | CVE-2005-2044 | Cross-Site Scripting vulnerability in ATutor Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php. | 4.3 |