Chamilo LMS version 1.11.8 suffers from a cross site scripting vulnerability.
145fae68ce6b0f21f4470e872a1562c21b4c0a371856b527f88314d9a984fd26
PhpMesFilms version 1.8 suffers from a remote SQL injection vulnerability.
6af31a7d1ab136392d9d4d8c0728ec3110d58b4152f41bc4865633ae347e9e1c
This is an exploit for Squid's NTLM authenticate overflow (libntlmssp.c). Due to improper bounds checking in ntlm_check_auth, it is possible to overflow the 'pass' variable on the stack with user controlled data of a user defined length.
c43f943216a1703933afd0ce0708c0542f099b2ad7ed5a159c445291d16c2bc5
ILIAS LMS versions 3.10.7 and below and 3.9.9 and below suffer from arbitrary information disclosure vulnerabilities.
4385c99e7757b56e265ad1d18a7a6fe42c3809549e9c70771062653194e4ed55
Secunia Security Advisory - Some vulnerabilities have been reported in CAE LMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
120948a2703cdd1d471b1427bcbe0ab1fac8b5c8e411a7e338c0f21038461edc
Campus Virtual-LMS suffers from remote SQL injection, cross site request forgery, and cross site scripting vulnerabilities.
bb6332159cb50b38e5e2b49954b10e245a98a4aaff0da919b5c154fb4be2675a
VisionLMS version 1.0 remote password changing exploit that leverages changePW.php.
355b4c9b088d211fb2b41e0d50a9c7539901f3429c0cfb67173f956a4cac54b8
Dokeos LMS versions 1.8.5 and below remote code execution exploit.
584e9c9177950ed4da6042062cf94c76c7970a655f991c438239afb234bb2919
Dokeos LMS versions 1.8.5 and below remote PHP code injection exploit that kicks back a reverse shell and leverages whoisonline.php.
f0b09e2882fc239f1226e9456fc3ce190720e3cab172daab59ab0400fac16e39
PhpMesFilms version 1.0 suffers from a remote SQL injection vulnerability in index.php.
588aae46cd4a93fea4694195af913a6aec372bf08de1266adc82299a747442cf
Secunia Security Advisory - SuB-ZeRo has discovered a vulnerability in PhpMesFilms, which can be exploited by malicious people to conduct SQL injection attacks.
6373819a8be573d1b9ab5c41aa8f8175445da87ea959f58e84c7638b39bec2ae
A vulnerability allows an attacker to execute arbitrary code on vulnerable installations of Symantec Veritas Storage Foundation. User interaction is not required to exploit this vulnerability. Authentication is not required to exploit this vulnerability. The specific flaw exists in the functionality exposed by the Storage Foundation for Windows Scheduler Service, VxSchedService.exe, which listens by default on TCP port 4888. The management console allows NULL NTLMSSP authentication, thereby enabling a remote attacker to add, modify, or delete snapshot schedules and consequently run arbitrary code under the context of the SYSTEM user.
3652171caf78ee8bd5e8d4dffd1352e18b45cce0e160d428be5706660113a647
The Joomla com_lms component suffers from a SQL injection vulnerability.
e35664abe9b055a846b17c7e948902c20e3dd3399a09d819e244cf76e51d37b3
efront e-learning LMS version 3.1.2 suffers from cross site scripting vulnerabilities.
e6144a7c9d5d381e91195a19b7116260cfd5cf614fa5cc0937251ccf3c3e12ad
A vulnerability allows remote attackers to crash systems with vulnerable installations of the Microsoft Windows operating system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the RPC runtime library rpcrt4.dll during the parsing of RPC-level authentication messages. When parsing packets with the authentication type of NTLMSSP and the authentication level of PACKET, an invalid memory dereference can occur if the verification trailer signature is initialized to 0 as opposed to the standard NTLM signature. Successful exploitation crashes the RPC service and subsequently the entire operating system.
81c3eb66a83ea337ccd5a2db389db399942be188bee24be99a592d845a95a2b3
LMS versions 1.8.9 and below suffer from remote file inclusion vulnerabilities.
e98137712f1609c94065ad9df58a42ab4d44cda1a679fe4434e8e70b5dc539c8
Angel LMS version 7.1 suffers from a remote SQL injection vulnerability.
c27594fcc35b3cf24a6d9e52bf0c74e8c65a6eea3a58eb662db1517786b82bed
Docebo LMS version 3.0.3 suffers from a remote command execution vulnerability.
7e5f86b1ae364da574479a6b204798c843c00e20b2d557a1cd3194972103a9b9
Docebo LMS 2.05 suffers from a remote file inclusion vulnerability.
4fd03771dd7ffd588c5319b2efe27f26fe51697d032fa7df2c325c5dc2e1a2bc
Secunia Security Advisory - beford has discovered some vulnerabilities in DoceboLMS, which can be exploited by malicious people to compromise a vulnerable system.
4500dcb77866c1a7de12747fe0e18e8c32e9735cff6619e4c588485055e999b1
Secunia Security Advisory - lms has reported a weakness in QNX RTOS, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
c4e399a9a7ac1f3c8ca77add0649100e261c4e54ba11dbfd99aea4a61671a154
Secunia Security Advisory - rgod has reported two vulnerabilities in DoceboLMS, which can be exploited by malicious people to disclose system information and compromise a vulnerable system.
b5a338102a35618129f20d75813a283b81cff7e3399b9e51eae1d23ef1e7f272
Gentoo Linux Security Advisory GLSA 200409-04 - Squid 2.5.x versions contain a bug in the functions ntlm_fetch_string() and ntlm_get_string(), which do not check the int32_t offset o for negative values. A remote attacker could cause a denial of service situation by sending certain malformed NTLMSSP packets if NTLM authentication is enabled.
37ad8ea0eca8fc282782f4e7b3c6eec6fcad6254abf2c27267ceae3fb1035f74
Microsoft Security Advisory MS01-008 - A flaw in the NTLM Security Support Provider (NTLMSSP) service allows a non-administrative user to gain administrative control over the system. In order to perform this attack the user would need a valid login account and the ability to execute arbitrary code on the system. Microsoft FAQ on this issue available here.
fd372dce83d40400b88e4302defae7822e466e7f14d6a75ba1e1441d17864a81
SFS is a secure, global file system with completely decentralized control. SFS lets you access your files from anywhere and share them with anyone, anywhere. Anyone can set up an SFS server, and any user can access any server from any client. At the same time, SFS uses strong cryptography to provide security over untrusted networks. Thus, you can safely share files across administrative realms without involving administrators or certification authorities.
798cd8a703502cf681454ac0cf54df040463558e56f714bf5d6d7916b131fa50
SFS is a network file system that provides strong security over untrusted networks. At the same time, SFS goes to great lengths to prevent security from hurting performance or becoming an administrative burden. SFS is also a global file system. Users can access any server from any client in the world, and share files with anyone anywhere. There is no need to rely on system administrators or trusted third parties to coordinate the sharing of files across administrative realms. Thus, SFS provides convenient file sharing over the Internet even where security is not a priority.
febe984ca610aa5d321e23eac13504e78add07a053b402d77a52d2b782d1d7f2