adaptive technology resource centre

Top products

The 14 most recently published vulnerabilities affecting adaptive technology resource centre.

• CVE-2007-0381Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed thes...7.5Jan 19, 2007
• CVE-2006-5734Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_to...7.5Nov 6, 2006
• CVE-2006-3996SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) desc or (2) asc parameters.6.5Aug 5, 2006
• CVE-2006-3821Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) ...4.3Jul 25, 2006
• CVE-2006-3662SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who state...7.5Jul 17, 2006
• CVE-2006-3484Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) show_courses or (2) current_cat parameters to (a...2.6Jul 10, 2006
• CVE-2005-4155registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. ...7.5Dec 11, 2005
• CVE-2005-3404Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_h...7.5Nov 1, 2005
• CVE-2005-3403Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php...4.3Nov 1, 2005
• CVE-2005-2956ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obta...5.0Sep 16, 2005
• CVE-2005-2955config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute...4.6Sep 16, 2005
• CVE-2005-2954SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.7.5Sep 16, 2005
• CVE-2005-2649Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.4.3Aug 21, 2005
• CVE-2005-2044Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) s...4.3Jun 22, 2005