VYPR

Vendor CVEs

Atutor

All CVEs

56 total · sorted by risk
  • CVE-2008-0828Feb 19, 2008
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) attributes such as style and onmouseover in (a) forum post or (b) mail; or (2) the website field of the profile.

  • CVE-2007-0381Jan 19, 2007
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues.

  • CVE-2006-5734Nov 6, 2006
    risk 0.00cvss epss 0.01

    Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in…

  • CVE-2006-3821Jul 25, 2006
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day parameter in (b) registration.php.

  • CVE-2005-3403Nov 1, 2005
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in…

  • CVE-2005-2955Sep 16, 2005
    risk 0.00cvss epss 0.01

    config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc,…

Page 2 of 2