4422 matches found
CVE-2012-3395
SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data...
Design/Logic Flaw
lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access...
CVE-2012-3398
CVE-2012-3398 describes an algorithmic complexity DoS in Moodle. The vulnerability affects Moodle releases: 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4. It arises when remote authenticated users use the advanced-search on a highly populated database, causi...
CVE-2012-3383
The CVE-2012-3383 issue affects WordPress 3.4.x prior to 3.4.2. The root cause is in map_meta_cap within wp-includes/capabilities.php: when multisite is enabled, unfiltered_html is not properly assigned, letting remote authenticated users bypass access controls and perform cross-site scripting (X...
CVE-2012-2353
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section...
CVE-2012-2354
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL...
UBUNTU-CVE-2012-2355
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use capability requirements and add arbitrary questions to a quiz via the questions feature...
UBUNTU-CVE-2012-2364
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a...
UBUNTU-CVE-2012-2360
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title...
CVE-2012-2358
CVE-2012-2358 affects Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated user can bypass an activity’s read-only state and modify the database by leveraging the student role to edit existing database activity entries. The provided documents do not specif...
CVE-2012-2367
The CVE affects Moodle versions: 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. A remote authenticated user can bypass the moodle/calendar:manageownentries capability and create a calendar entry via New Entry. Root cause is a capability check bypass in the ca...
CVE-2011-4581
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface...
CVE-2012-3008
Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items...
CVE-2012-3117
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to HTTP...
CVE-2012-1739
Technical details about CVE-2012-1739 are not publicly available in the provided connected documents. Monitor for updates from Oracle advisories and CVE records for affected products, versions, impact, and remediation.
PYSEC-2012-40
The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the...
CVE-2012-0796
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header...
CVE-2012-0797
The CVE-2012-0797 issue affects Moodle webservices authentication: remote authenticated users could bypass the deleted status and continue using a server via a token. Affected versions are Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1. The root cause is improper handling o...
PT-2012-3446 · Oracle +3 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.1.62 and earlier; Oracle MySQL Server versions 5.5.22 and earlier. Description: The issue affects the availability of the system, related to the Server Optimizer component. It can be exploited by remote...
CVE-2011-4288
The CVE-2011-4288 issue affects Moodle 1.9.x up to 1.9.11 and 2.0.x up to 2.0.2, due to improper associations between teachers and groups. This allows remote authenticated users with the teacher role to read quiz reports of arbitrary students. Root cause: flawed access control for teacher-group a...