dokeos

Top products

The 15 most recently published vulnerabilities affecting dokeos.

• CVE-2012-5776Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in main/auth/profile.php.5.4Jan 29, 2020
• CVE-2013-6341SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows remote attackers to execute arbitrary SQL commands via the language parameter to index.php.7.5Dec 5, 2013
• CVE-2009-2009Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/doc...4.3Jun 8, 2009
• CVE-2009-2008Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and t...6.8Jun 8, 2009
• CVE-2009-2007Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to (1) read portions of arbitrary files via a .. (dot dot) and a ..\ (dot dot backslash) i...5.0Jun 8, 2009
• CVE-2009-2006Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/au...2.6Jun 8, 2009
• CVE-2009-2005Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and possibly earlier, allows remote attackers to hijack the authentication of unspecified victims and add new personal agenda items ...6.8Jun 8, 2009
• CVE-2009-2004Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) student and (2) cou...7.5Jun 8, 2009
• CVE-2008-3363Directory traversal vulnerability in user_portal.php in the Dokeos E-Learning System 1.8.5 on Windows allows remote attackers to include and execute arbitrary local files via a ..\ (dot dot backsla...7.5Jul 30, 2008
• CVE-2008-1223Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers to execute arbitrary code via unspecified vectors.7.5Mar 10, 2008
• CVE-2008-1222Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.4.3Mar 10, 2008
• CVE-2008-0851Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to inscription.php, (2) courseCode p...4.3Feb 21, 2008
• CVE-2008-0850Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column paramet...7.5Feb 21, 2008
• CVE-2007-6574Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the origin parameter to work/work.php in a disp...4.3Dec 28, 2007
• CVE-2007-6479Unrestricted file upload vulnerability in the "My productions" component for main/auth/profile.php (aka the "My profile" page) in Dokeos 1.8.4 allows remote authenticated users to upload and execut...4.9Dec 20, 2007