
4931 matches found

OSV
added 2024/11/11 8:15 p.m. · 2 views

UBUNTU-CVE-2024-51489

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messag...

5.4 CVSS · 5.8 AI score · 0.00272 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/11/11 12:0 a.m. · 3 views

PT-2024-34653 · Ampache · Ampache

Name of the Vulnerable Software and Affected Versions: Ampache versions prior to 7.0.1 Description: The current implementation of token parsing in Ampache does not adequately validate CSRF tokens when users send messages to one another. This issue could be exploited to forge CSRF attacks, allowin...

5.4 CVSS · 6.8 AI score · 0.00272 EPSS
Exploits 1 · References 9
RedhatCVE
added 2024/11/07 8:1 p.m. · 11 views

CVE-2024-51988

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3...

6.5 CVSS · 6.7 AI score · 0.00367 EPSS
Exploits 0 · References 5
OSV
added 2024/11/07 3:31 p.m. · 18 views

GHSA-P9CX-F595-H79H Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

8.7 CVSS · 7.5 AI score · 0.00519 EPSS
Exploits 0 · References 4
Github Security Blog
added 2024/11/07 3:31 p.m. · 18 views

Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

7.5 CVSS · 6.6 AI score · 0.00519 EPSS
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/11/07 2:15 p.m. · 14 views

CVE-2024-43438

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

7.5 CVSS · 0.00519 EPSS
Exploits 0 · References 2
OSV
added 2024/11/07 2:15 p.m. · 5 views

CVE-2024-43438

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

7.5 CVSS · 5.8 AI score
Exploits 0 · References 2
OSV
added 2024/11/07 2:15 p.m. · 2 views

UBUNTU-CVE-2024-43434

The bulk message sending feature in Moodle's Feedback module's non-respondents report had an incorrect CSRF token check, leading to a CSRF vulnerability...

8.1 CVSS · 5.8 AI score · 0.00622 EPSS
Exploits 0 · References 4
OSV
added 2024/11/07 2:15 p.m. · 2 views

UBUNTU-CVE-2024-43438

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

7.5 CVSS · 5.7 AI score · 0.00519 EPSS
Exploits 0 · References 4
Snyk
added 2024/11/07 1:41 p.m. · 1 views

Cross-site Request Forgery (CSRF)

Overview: moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the bulk message sending feature. An attacker can manipulate the user's browser to perform unintended actions on the web application by tricking the victim in...

8.6 CVSS · 6.9 AI score · 0.00622 EPSS
Exploits 0 · References 2
CVE
added 2024/11/07 1:31 p.m. · 57 views

CVE-2024-43438

CVE-2024-43438 affects Moodle’s Feedback feature: in the activity’s non-respondents report, bulk messaging did not verify that recipients are limited to the users returned by the report, enabling potential messaging of unintended users. The CVSS 3.1 vector indicates Network attack vector, Low att...

7.5 CVSS · 7.3 AI score · 0.00519 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/11/07 1:31 p.m. · 14 views

CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

7.5 CVSS · 7 AI score · 0.00519 EPSS
Exploits 0 · References 2
Cvelist
added 2024/11/07 1:31 p.m. · 19 views

CVE-2024-43438 Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

7.5 CVSS · 0.00519 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/11/07 12:0 a.m. · 7 views

PT-2024-30582 · Feedback +1 · Feedback +1

Name of the Vulnerable Software and Affected Versions: Feedback affected versions not specified Description: A flaw was found in Feedback where bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report...

8.8 CVSS · 5.5 AI score · 0.83343 EPSS
Exploits 8 · References 76
CNNVD
added 2024/11/07 12:0 a.m. · 4 views

Moodle Security Vulnerability

Moodle is a free e-learning software platform open-sourced by Moodle, also known as a course management system, learning management system, or virtual learning environment. A security vulnerability exists in Moodle that originates from bulk messaging of unauthenticated message recipients...

7.5 CVSS · 6.5 AI score · 0.00519 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2024/11/07 12:0 a.m. · 4 views

The vulnerability of the MMS multimedia library protocol in FFmpeg, related to reading data beyond the buffer’s allowed limits, allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the MMS protocol in the FFmpeg multimedia library relates to reading data beyond the allowed buffer limits. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...

10 CVSS · 7.1 AI score · 0.03109 EPSS
Exploits 0 · References 8 · Affected Software 2
Debian CVE
added 2024/11/06 7:15 p.m. · 11 views

CVE-2024-51988

RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the configure permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HT...

6.5 CVSS · 6.3 AI score · 0.00367 EPSS
Exploits 0
Positive Technologies
added 2024/11/06 12:0 a.m. · 6 views

PT-2024-8211 · Cisco · Cisco Unified Communications Manager Im & Presence Service

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager IM & Presence Service Unified CM IM&P affected versions not specified Description: A vulnerability in the logging component could allow an authenticated, remote attacker to view sensitive information in...

6.8 CVSS · 6.7 AI score · 0.00435 EPSS
Exploits 0 · References 8
RedHat Linux
added 2024/11/05 12:8 p.m. · 3 views

angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication

A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...

7.4 CVSS · 5.7 AI score · 0.01936 EPSS
Exploits 0 · References 4
RedHat Linux
added 2024/11/05 11:47 a.m. · 3 views

angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication

A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...

7.4 CVSS · 5.7 AI score · 0.01936 EPSS
Exploits 0 · References 4