Victor Manuel Mtz wrote:
> * Package name    : Claroline
>   Version         : 1.7.8
>   Upstream Author : Lederer Guillaume <[EMAIL PROTECTED]>
> * URL             : http://www.claroline.net
> * License         : GPL
>   Description     : Course Management System for Online Learning
>
> Claroline is a free application based on PHP/MySQL allowing teachers or
> education organizations to create and administrate courses through the
> web.
>
> Developed from teachers to teachers, Claroline is built over sound
> pedagogical principles allowing a large variety of pedagogical setup
> including widening of traditional classroom and online collaborative
> learning.

However, it also seems to be built over unsound web programming principles
allowing a large variety of security exploits including widening of
SQL queries and online collaborative cross-site-scripting.

(CVE-2006-3257, CVE-2006-2868, CVE-2006-2284, CVE-2006-1596, CVE-2006-1595,
CVE-2006-1594, CVE-2006-0411, CVE-2005-1377, CVE-2005-1376, CVE-2005-1375,
CVE-2005-1374 and possibly more, I stopped digging deeper)

I don't think this should enter the archive.

Cheers,
        Moritz

