Vulnerabilities > Claroline
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-03 | CVE-2006-1595 | Cross-Site Scripting vulnerability in Claroline RQMKHTML.PHP Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command. network claroline | 4.3 |
2006-04-03 | CVE-2006-1594 | Information Disclosure vulnerability in Claroline Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php. | 7.5 |
2006-01-25 | CVE-2006-0411 | Unspecified vulnerability in Claroline 1.7.2 claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. | 10.0 |
2005-05-03 | CVE-2005-1377 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors. | 7.5 |
2005-05-03 | CVE-2005-1376 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files. | 7.5 |
2005-05-03 | CVE-2005-1375 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php. | 7.5 |
2005-05-03 | CVE-2005-1374 | Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1 Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. network claroline | 6.8 |