RSS   Vulnerabilities for 'Docebolms'   RSS

2006-12-31
 
CVE-2006-6857

CWE-Other
 

 
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

 
2006-05-30
 
CVE-2006-2668

CWE-Other
 

 
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.

 
2005-12-08
 
CVE-2005-4095

 

 
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.

 
 
CVE-2005-4094

 

 
connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script.

 


Copyright 2024, cxsecurity.com

 

Back to Top