RSS   Podatności dla 'Blackboard academic suite'   RSS

2008-07-31
 
CVE-2008-3421

CWE-352
 
 
Multiple cross-site request forgery (CSRF) vulnerabilities in Blackboard Academic Suite 8.0.260.7 allow remote attackers to hijack the authentication of student users for requests that change configuration and enrollments via unspecified input to (1) update_module.jsp, (2) enroll_course.pl, and (3) unenroll.jsp.

 
2008-04-18
 
CVE-2008-1883

CWE-287
 
 
The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.

 
2006-07-27
 
CVE-2006-3914

CWE-Other
 
 
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.

 
2006-02-01
 
CVE-2006-0511

CWE-Other
 
 
** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product."

 

 >>> Vendor: Blackboard 11 Produkty
Courseinfo
Blackboard
Vista
Blackboard learning and community post systems
Academic suite
Blackboard academic suite
Blackboard learning and community portal suite
Transact suite
Vista/ce
Blackboard learn
Collaborate ultra

Copyright 2024, cxsecurity.com

 

Back to Top