Authentication flaw
Identity Services in Apple iOS before 6.1 does not properly handle validation failures of AppleID certificates, which might allow physically proximate attackers to bypass authentication by leveraging an incorrect assignment of an empty string value to an AppleID...
CVE-2012-6102
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI...
Code injection
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI...
UBUNTU-CVE-2012-6102
lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI...
RHEL 5 : kvm (RHSA-2012:0149)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2012:0149 advisory. - kernel: kvm: device assignment DoS (CVE-2011-4347) Note that Nessus has not tested for this issue but has instead relied only on the application's...
RHEL 5 : kvm (RHSA-2012:0676)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2012:0676 advisory. - kernel: kvm: irqchip_in_kernel() and vcpu->arch.apic inconsistency (CVE-2012-1601) - kvm: device assignment page leak (CVE-2012-2121) Note that...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php...
SCADA DNP3 assign class function code
...
DSA-2516-1 isc-dhcp - denial of service
Bulletin has no description...
CVE-2012-3383
The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting X...
CVE-2012-2364
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...
UBUNTU-CVE-2012-2364
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...
CVE-2011-4296
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role...
CVE-2011-4295
The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment...
Authorization
The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment...
CVE-2011-4296
CVE-2011-4296 concerns Moodle where lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, allowing remote authenticated users to modify course filters by leveraging this role. Affected versions: Moodle 2.0.x up to 2.0.3; M...
PT-2012-1843 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.0.x through 2.0.3; Moodle versions 2.1.x through 2.1.0. Description: The issue concerns a lack of authorization check in the moodle_enrol_external:role_assign function, allowing remote authenticated users to gain privileges by...