GeneralInformation

Hostnames	inlibro.net
Domains	inlibro.net
Country	Canada
City	Montréal
Organization	GloboTech Communications
ISP	GloboTech Communications
ASN	AS36666

WebTechnologies

CDN

jsDelivr

JavaScript frameworks

RequireJS

JavaScript graphics

MathJax2.7.9

JavaScript libraries

jQuery3.7.1

LMS

Moodle

Programming languages

PHP

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(12)

CVE-2024-48901

4.3A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report.

CVE-2024-48898

4.3A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.

CVE-2024-48897

4.3A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify.

CVE-2024-48896

4.3A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site.

CVE-2024-38276

8.8Incorrect CSRF token checks resulted in multiple CSRF risks.

CVE-2024-34008

8.8Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF risk.

CVE-2024-25983

3.5Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).

CVE-2024-25982

4.3The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.

CVE-2024-25981

4.3Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.

CVE-2024-25980

4.3Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.

CVE-2024-25979

5.3The URL parameters accepted by forum search were not limited to the allowed parameters.

CVE-2024-25978

7.5Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.

2023(2)

CVE-2023-46858

5.4Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content [are] used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."

CVE-2023-39663

7.5Mathjax up to v2.7.9 was discovered to contain two Regular expression Denial of Service (ReDoS) vulnerabilities in MathJax.js via the components pattern and markdownPattern. NOTE: the vendor disputes this because the regular expressions are not applied to user input; thus, there is no risk.

2013(4)

CVE-2013-4365

7.5Heap-based buffer overflow in the fcgid_header_bucket_read function in fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache HTTP Server allows remote attackers to have an unspecified impact via unknown vectors.

CVE-2013-2765

5.0The ModSecurity module before 2.7.4 for the Apache HTTP Server allows remote attackers to cause a denial of service (NULL pointer dereference, process crash, and disk consumption) via a POST request with a large body and a crafted Content-Type header.

CVE-2013-0942

4.3Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Agent 7.1 before 7.1.1 for Web for Internet Information Services, and 7.1 before 7.1.1 for Web for Apache, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2013-0941

2.1EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 for Apache Web Server, RSA Web Agent before 5.3.5 for IIS, RSA PAM Agent before 7.0, and RSA Agent before 6.1.4 for Microsoft Windows use an improper encryption algorithm and a weak key for maintaining the stored data of the node secret for the SecurID Authentication API, which allows local users to obtain sensitive information via cryptographic attacks on this data.

2012(3)

CVE-2012-4360

4.3Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2012-4001

5.0The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers.

CVE-2012-3526

5.0The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the Apache HTTP Server allows remote attackers to cause a denial of service (server or application crash) via multiple X-Forwarded-For headers in a request.

2011(2)

CVE-2011-2688

7.5SQL injection vulnerability in mysql/mysql-auth.pl in the mod_authnz_external module 3.2.5 and earlier for the Apache HTTP Server allows remote attackers to execute arbitrary SQL commands via the user field.

CVE-2011-1176

4.3The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileges by leveraging the root uid and root gid of an mpm-itk process.

2010(2)

CVE-2010-4208

4.3Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.

CVE-2010-4207

4.3Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.

2009(2)

CVE-2009-2299

5.0The Artofdefence Hyperguard Web Application Firewall (WAF) module before 2.5.5-11635, 3.0 before 3.0.3-11636, and 3.1 before 3.1.1-11637, a module for the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via an HTTP request with a large Content-Length value but no POST data.

CVE-2009-0796

2.6Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

2007(2)

CVE-2007-6538

7.5SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVE-2007-4723

7.5Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page.

OpenPorts

80 443

80 / tcp

348310951 | 2025-02-22T23:28:59.207728

Hashes

hash

1992166864

http.dom_hash

471906108

http.html_hash

348310951

http.server_hash

1305632269

http.title_hash

-1828380909

302 Found

HTTP/1.1 302 Found
Date: Sat, 22 Feb 2025 23:28:58 GMT
Server: Apache/2.4.62 (Debian)
Location: https://stanislas-test.lycie2.inlibro.net/
Content-Length: 304
Content-Type: text/html; charset=iso-8859-1

Vulnerabilities

3 7 2

443 / tcp

-488709458 | 2025-03-05T09:03:19.820816

Hashes

hash

-163039010

http.dom_hash

2013419829

http.favicon.hash

-202490660

http.html_hash

-488709458

http.robots_hash

582561071

http.server_hash

1305632269

Accueil | Plateforme pédagogique du collège Stanislas de Montréal

HTTP/1.1 200 OK
Date: Wed, 05 Mar 2025 09:03:19 GMT
Server: Apache/2.4.62 (Debian)
Set-Cookie: MoodleSession=dn8tnur52aq6abpumvpr49n0c0; path=/; secure; SameSite=None
Expires: Mon, 20 Aug 1969 09:23:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Language: fr
Content-Script-Type: text/javascript
Content-Style-Type: text/css
X-UA-Compatible: IE=edge
Cache-Control: post-check=0, pre-check=0, no-transform
Last-Modified: Wed, 05 Mar 2025 09:03:19 GMT
Accept-Ranges: none
X-Frame-Options: sameorigin
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            36:ab:c8:10:54:7e:b2:29:ff:4b:65:ba:15:62:89:7c
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA
        Validity
            Not Before: Sep  8 00:00:00 2023 GMT
            Not After : Oct  8 23:59:59 2024 GMT
        Subject: CN=*.inlibro.net
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:aa:b1:b3:62:09:d3:3c:01:31:4e:9f:2d:31:2f:
                    28:df:24:30:3c:12:b7:82:2a:3c:30:cc:5b:25:53:
                    23:a9:34:21:8a:5a:07:31:db:e8:28:00:c2:1a:8e:
                    60:ae:a7:83:ca:08:71:cc:39:64:c5:c1:6f:8f:e6:
                    a2:03:92:e5:ec:79:bd:cc:6c:5b:19:5b:7a:8e:07:
                    98:fc:0f:c9:47:23:de:e2:90:07:bd:08:5c:af:9c:
                    08:71:81:21:c9:52:26:e1:39:94:f9:1f:00:4e:b8:
                    68:f1:f5:e0:91:d1:d6:5c:98:f5:4f:a4:89:27:5a:
                    86:84:37:60:50:11:71:65:1a:b0:a0:06:c7:79:89:
                    0f:81:1f:08:72:02:c2:ef:55:80:9b:32:d2:27:f5:
                    88:6f:d9:3a:97:52:25:81:c4:30:2b:a5:f6:dc:b9:
                    55:d4:de:12:ba:3b:9a:9f:f9:7e:5c:5d:98:15:3c:
                    fc:40:dd:bd:02:0e:f6:ad:df:ec:4a:97:96:24:5c:
                    e2:3b:84:22:d2:8c:a5:66:10:ed:8b:50:b9:e7:7f:
                    52:e1:5e:f3:31:58:56:72:6a:e8:c2:a4:51:e3:02:
                    53:33:e8:a6:04:ff:a0:40:75:c0:28:1a:76:fb:16:
                    a4:6b:ab:84:31:37:37:93:6e:b3:9c:ec:0b:b8:0f:
                    a5:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier: 
                8D:8C:5E:C4:54:AD:8A:E1:77:E9:9B:F9:9B:05:E1:B8:01:8D:61:E1
            X509v3 Subject Key Identifier: 
                85:5A:69:7A:AA:14:85:3B:7E:F8:1B:59:08:74:A4:C5:8F:5D:57:DD
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Certificate Policies: 
                Policy: 1.3.6.1.4.1.6449.1.2.2.7
                  CPS: https://sectigo.com/CPS
                Policy: 2.23.140.1.2.1
            Authority Information Access: 
                CA Issuers - URI:http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt
                OCSP - URI:http://ocsp.sectigo.com
            X509v3 Subject Alternative Name: 
                DNS:*.inlibro.net, DNS:inlibro.net
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 76:FF:88:3F:0A:B6:FB:95:51:C2:61:CC:F5:87:BA:34:
                                B4:A4:CD:BB:29:DC:68:42:0A:9F:E6:67:4C:5A:3A:74
                    Timestamp : Sep  8 18:27:40.096 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:51:30:E0:54:3E:2A:9C:E3:63:ED:5B:30:
                                72:DF:D0:1D:C9:1E:38:00:7F:E2:8C:4B:57:48:D2:00:
                                9F:F2:42:CF:02:21:00:D8:F5:BF:D4:3B:07:12:EB:1A:
                                74:3F:EC:73:72:2D:76:9B:15:27:AE:B1:44:DB:9D:A7:
                                EB:B7:AE:95:5C:8D:B9
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
                                91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
                    Timestamp : Sep  8 18:27:40.175 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:3D:D2:64:0F:AB:D3:BF:4C:A9:7B:BC:20:
                                AD:C2:0A:7E:56:49:D3:57:91:C1:3E:31:0F:93:1A:43:
                                7B:52:1D:7E:02:20:02:43:F4:C8:31:D4:36:E9:40:0E:
                                D5:CC:D2:C4:89:A4:03:2A:6D:93:70:1E:9F:CA:5A:0D:
                                58:39:8A:9B:63:4E
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
                                32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
                    Timestamp : Sep  8 18:27:40.214 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:45:02:20:4A:77:E6:EC:E9:6C:01:F3:21:B3:C3:DA:
                                8D:75:B2:22:1D:AA:17:8D:12:12:9D:B6:74:10:C6:A1:
                                DD:5F:FB:F0:02:21:00:85:DB:DE:A9:1C:6E:66:14:E5:
                                08:05:73:20:52:A6:BF:AE:CF:24:CB:72:FB:5A:28:19:
                                5A:7C:2D:A5:AC:22:FF
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        4c:86:e3:03:45:af:b8:76:35:bc:18:a7:fc:ac:82:4a:bc:fd:
        b3:ad:7b:ba:db:0b:cc:28:94:70:35:cf:7f:36:aa:fc:5d:48:
        85:66:06:26:46:16:b8:20:7b:22:ff:20:7b:29:2a:d3:25:f9:
        f7:00:28:30:66:25:ec:e0:0e:27:e2:cc:8f:85:64:79:fc:16:
        58:00:cf:cd:b0:73:e5:ac:57:ad:a4:96:be:e6:b5:85:ac:28:
        b0:27:c7:2e:17:6e:77:fc:bf:02:cb:82:71:bf:a8:65:92:33:
        fe:13:2d:f9:13:96:fe:46:50:58:c2:4b:c0:e0:62:41:4a:e5:
        39:35:1a:0b:00:c2:9d:ea:ca:5d:30:04:23:24:12:2b:21:d1:
        2a:c6:ae:b4:c8:07:21:aa:a2:27:7a:5c:10:dd:34:9c:28:1b:
        2d:3d:5b:b3:8e:95:5c:c5:36:7d:67:43:8d:0a:69:00:a8:89:
        55:e8:7a:42:b4:0a:b0:a6:70:8d:8b:96:ff:44:af:cf:5b:61:
        1d:49:f7:ea:bb:65:ff:f8:71:92:4f:b9:4d:59:df:6a:47:1b:
        cc:81:4d:23:1d:79:a0:20:58:14:53:46:b6:e7:dd:f1:dc:27:
        1b:fa:b7:c7:c8:fd:5b:3b:5f:aa:75:0a:b9:2c:51:a4:b8:dc:
        8f:f7:01:ae

Vulnerabilities

8 18 3

67.215.3.122

Last Seen: 2025-03-05

GeneralInformation

WebTechnologies

Vulnerabilities

OpenPorts

80 / tcp

348310951 | 2025-02-22T23:28:59.207728

Hashes

Apache httpd2.4.62

443 / tcp

-488709458 | 2025-03-05T09:03:19.820816

Hashes

Apache httpd2.4.62

Products

Pricing

Contact Us

67.215.3.122

Last Seen: 2025-03-05

GeneralInformation

WebTechnologies

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

OpenPorts

80 / tcp 348310951 | 2025-02-22T23:28:59.207728

Hashes

Apache httpd2.4.62

443 / tcp -488709458 | 2025-03-05T09:03:19.820816

Hashes

Apache httpd2.4.62

Products

Pricing

Contact Us

Vulnerabilities

80 / tcp

348310951 | 2025-02-22T23:28:59.207728

443 / tcp

-488709458 | 2025-03-05T09:03:19.820816