7736 matches found
UBUNTU-CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2017-7489
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link...
UBUNTU-CVE-2017-7489
In Moodle 2.x and 3.x, remote authenticated users can take ownership of arbitrary blogs by editing an external blog link...
CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2017-7489
CVE-2017-7489 affects Moodle 2.x and 3.x. The issue allows remote authenticated users to take ownership of arbitrary blogs by editing an external blog link. The connected sources reiterate Moodle as the affected software and the blog-edit capability as the vulnerability trigger; no explicit patch...
CVE-2017-7490
CVE-2017-7490 affects Moodle 2.x and 3.x. The vulnerability arises from a missing capability check that enables searching of arbitrary blogs, exposing potential information that should be restricted. The provided documents describe the flaw as a capability check omission but do not supply additio...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
Cross-site scripting
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-4880
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-4884
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2016-4881
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors...
CVE-2016-4884
CVE-2016-4884 is a CSRF vulnerability in baserCMS Blog plugin (version 3.0.10 and earlier). The issue allows a logged-in administrator to be forced into unintended operations via a malicious URL when the Blog plugin is enabled, enabling an attacker to hijack administrator actions. Affected produc...