
3975 matches found

Veracode
added 2020/01/08 1:17 a.m., 20 views

Authentication Bypass

Moodle is vulnerable to authentication bypass. The vulnerability exists because the removal of the cohort role assignment does not properly revoke the associated capabilities...

5.4 CVSS, 3.8 AI score, 0.00709 EPSS
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2020/01/07 5:15 p.m., 20 views

CVE-2019-14879

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.4 CVSS, 6.7 AI score, 0.00709 EPSS
Exploits: 1, References: 1
UbuntuCve
added 2020/01/07 5:15 p.m., 18 views

CVE-2019-14879

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.5 CVSS, 5.9 AI score, 0.00709 EPSS
Exploits: 1, References: 2
Prion
added 2020/01/07 5:15 p.m., 16 views

Design/Logic Flaw

A vulnerability was found in Moodle versions 3.7.x before 3.7.3, 3.6.x before 3.6.7 and 3.5.x before 3.5.9. When a cohort role assignment was removed, the associated capabilities were not being revoked where applicable...

5.5 CVSS, 5.4 AI score, 0.00709 EPSS
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2020/01/07 4:23 p.m., 82 views

CVE-2019-14879

Summary (CVE-2019-14879): Moodle prior to version 3.7.3 (3.7.x), 3.6.x prior to 3.6.7, and 3.5.x prior to 3.5.9 contains a logic issue where, after removing a cohort role assignment, the related capabilities were not revoked (where applicable). This can leave previously granted capabilities in ef...

5.5 CVSS, 5.7 AI score, 0.00709 EPSS
Exploits: 1, References: 1, Affected Software: 1
0day.today
added 2020/01/06 12:0 a.m., 67 views

FTPGetter Professional 5.97.0.223 - Denial of Service Exploit

Exploit Title: FTPGetter Professional 5.97.0.223 - Denial of Service PoC Exploit Author: FULLSHADE Vendor Homepage: https://www.ftpgetter.com/ Software Link: https://www.ftpgetter.com/ftpgetterprosetup.exe Version: v.5.97.0.223 Tested on: Windows 7 CVE : N/A...

7.5 CVSS, 0.02013 EPSS
Exploits: 5
CVE
added 2019/12/30 4:19 p.m., 25 views

CVE-2019-4954

CVE-2019-4954 is rejected and not used; not an active vulnerability entry.

7.3 AI score
Exploits: 0
RedHat Linux
added 2019/12/16 1:54 p.m., 4 views

jenkins-script-security-plugin: handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts...

4.9 CVSS, 6.2 AI score, 0.01038 EPSS
Exploits: 0, References: 5
OpenVAS
added 2019/12/09 12:0 a.m., 14 views

SYS.2.2.2.A10

The aim of module SYS.2.2.2 is to protect information that is processed by and on Windows 8.1 clients. The standard requirement Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify...

7.3 AI score
Exploits: 0, References: 1
Xen Project
added 2019/11/26 12:0 p.m., 82 views

Device quarantine for alternate pci assignment methods

ISSUE DESCRIPTION XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. Unfortunately, this is not considered a strictly required step for device assignment. The PCI passthrough documentation on the wiki describes alternate ways of...

7.2 CVSS, 1.3 AI score, 0.00451 EPSS
Exploits: 0
Tenable Nessus
added 2019/11/08 12:0 a.m., 32 views

Rockwellautomation 1763-l16awa Unspecified Vulnerability

An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix 1100 controller 1763-L16AWA, Series A and B, Version 14.000 and prior versions; 1763-L16BBB, Series A and B, Version 14.000 and prior versions; 1763-L16BWA, Series A and B, Version 14.000 and prior versions; and 1763-L16DWD,...

4 CVSS, 3.1 AI score, 0.02426 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2019/11/08 12:0 a.m., 45 views

Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write (cisco-sa-20191016-tele-ce-filewrite)

According to its self-reported version, the Cisco TelePresence Collaboration Endpoint CE Cisco TelePresence Software is affected by a vulnerability due to improper permission assignment. An authenticated, local attacker can exploit this by logging in as the remotesupport user to write files to th...

6.6 CVSS, 5.1 AI score, 0.00256 EPSS
Exploits: 0, References: 3
OSV
added 2019/11/07 4:15 p.m., 4 views

CVE-2019-17605

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...

8.8 CVSS, 6.5 AI score, 0.01083 EPSS
Exploits: 1, References: 2
NVD
added 2019/11/07 4:15 p.m., 10 views

CVE-2019-17605

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...

8.8 CVSS, 5 AI score, 0.01083 EPSS
Exploits: 1, References: 2
Cvelist
added 2019/11/07 3:21 p.m., 14 views

CVE-2019-17605

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...

5.6 AI score, 0.01083 EPSS
Exploits: 1, References: 2
CVE
added 2019/11/07 3:21 p.m., 35 views

CVE-2019-17605

CVE-2019-17605 affects eyecomms eyeCMS (≤2019-10-15). A mass-assignment flaw lets an attacker modify a candidate id and add a password parameter to take over another candidate’s account, resulting in the other user’s password being changed. This is reported alongside CVE-2019-17604, an Insecure D...

8.8 CVSS, 5 AI score, 0.01083 EPSS
Exploits: 1, References: 2, Affected Software: 1
Tenable Nessus
added 2019/11/01 12:0 a.m., 41 views

EMC Avamar Server Incorrect Permission Assignment Vulnerability (DSA-2019-138)

According to its self-reported version number, the EMC Avamar Server versions software running on the remote host is 7.4.1, 7.5.0, 7.5.1, 18.2, or 19.1 and missing the appropriate hotfixes. A remote authenticated attacker can potentially exploit this vulnerability to view or modify sensitive back...

8.1 CVSS, 7.8 AI score, 0.01135 EPSS
Exploits: 0, References: 2
Prion
added 2019/10/16 7:15 p.m., 14 views

Design/Logic Flaw

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...

6.6 CVSS, 4.6 AI score, 0.00256 EPSS
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2019/10/16 6:36 p.m., 6 views

CVE-2019-15962 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...

4.4 CVSS, 6.6 AI score, 0.00256 EPSS
Exploits: 0, References: 1
Cvelist
added 2019/10/16 6:36 p.m., 21 views

CVE-2019-15962 Cisco TelePresence Collaboration Endpoint Software Arbitrary File Write Vulnerability

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE Software could allow an authenticated, local attacker to write files to the /root directory of an affected device. The vulnerability is due to improper permission assignment. An attacker could exploit this vulnerability by...

4.4 CVSS, 4.6 AI score, 0.00256 EPSS
Exploits: 0, References: 1