UBUNTU-CVE-2016-3733
The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber...
CVE-2016-3729
CVE-2016-3729 is an improper access control issue in Moodle: the user editing form in Moodle versions 3.0–3.0.3, 2.9–2.9.5, 2.8–2.8.11, and 2.7–2.7.13 (and earlier) allows remote authenticated users to edit profile fields that are supposed to be locked by the administrator. The connected a...
CVE-2016-3733
CVE-2016-3733 affects Moodle versions: 3.0–3.0.3, 2.9–2.9.5, 2.8–2.8.11, 2.7–2.7.13, and earlier. Root cause: the Moodle “restore teacher” feature allows remote authenticated users to overwrite the course idnumber. Impact: enables modification of a course identifier by an authenticated actor. Exp...
CVE-2016-1713
Unrestricted file upload vulnerability in the SettingsVtigerCompanyDetailsSaveAction class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then...
CVE-2017-7357
Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file...
CVE-2016-4889
CVE-2016-4889 affects ManageEngine ServiceDesk Plus prior to 9.0. A vulnerability allows remote authenticated guest users to access functions that should be restricted, due to failure to enforce access controls on unknown functions. Impact is described as unspecified in some sources, but the comm...
CVE-2015-8356
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xlsprofile parameter to admin/mcartxlsimport.php or the (2) xlsiblockid, (3) xlsiblocksectionid, (4) firstRow, (5) titleRow, (6)...
OpenSSH xauth Input Authentication Vulnerability
OpenSSH (OpenBSD Secure Shell) is a set of connection tools maintained by the OpenBSD project for secure access to remote computers. OpenSSH has a security vulnerability: a remote authenticated user can read or modify files on the target system and can execute the xauth command on the targe...
CVE-2016-10322
Synology Photo Station (pre-6.3-2958) is affected by CVE-2016-10322. Remote authenticated guest users can inject shell metacharacters in the X-Forwarded-For header to photo/login.php and execute arbitrary commands. Impact is described as remote code execution with the attacker in a low-privilege ...
CVE-2016-10310
Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times, aka SAP Security Note 2308778...
CVE-2016-10310
Summary: CVE-2016-10310 is a buffer overflow in the SAP SQL Anywhere MobiLink Synchronization Server component. The vulnerability affects SAP SQL Anywhere 17 and possibly earlier versions and can be triggered by specially crafted packets sent to the service, allowing remote authenticated users to...
CVE-2016-10304
The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to cause a denial of service (out-of-memory error and service instability) via a crafted serialized Java object, as demonstrated by serial.cc3, aka SAP Security Note 2315788...
CVE-2007-6760
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to bypass authentication, and conduct power-cycle attacks on connected devices, via a DCCOOKIE cookie...
CVE-2017-7400
OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping...
CVE-2017-2381
An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "sudo" component. It allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server...
CVE-2017-2381
Summary: CVE-2017-2381 affects macOS prior to 10.12.4, involving the sudo component. An access/privilege-elevation issue could allow remote authenticated users to gain privileges by exploiting membership in the admin group on a network directory server. Root cause: permission checking flaw in sud...
DEBIAN-CVE-2017-6463
NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote authenticated users to cause a denial of service (daemon crash) via an invalid setting in a :config directive, related to the unpeer option...
CVE-2017-6458
CVE-2017-6458 affects NTP where multiple buffer overflows in the ctl_put* functions exist in versions before 4.2.8p10 and 4.3.x before 4.3.94. An authenticated remote attacker could exploit these issues to crash the ntpd process or cause unspecified impact via a long variable. The available sourc...
CVE-2017-6369
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so...