Lucene search
K

9574 matches found

NVD
NVD
added 2013/03/25 9:55 p.m.21 views

CVE-2013-1829

calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role...

4CVSS5.7AI score0.01118EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2013/03/01 12:0 a.m.31 views

Ubuntu: Security Advisory (USN-1745-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS7AI score0.01434EPSS
Exploits3References2
Ubuntu
Ubuntu
added 2013/02/22 5:39 a.m.71 views

USN-1744-1: Linux kernel vulnerability

Suleiman Souhlal, Salman Qazi, Aaron Durbin and Michael Davidson discovered a race condition in the Linux kernel's ptrace syscall. An unprivileged local attacker could exploit this flaw to run programs as an administrator. CVE-2013-0871 A flaw was discovered in the Edgeort USB serial converter...

6.9CVSS6.6AI score0.01434EPSS
Exploits3
RubySec
RubySec
added 2013/02/21 12:0 a.m.18 views

Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation

Spree contains a flaw that leads to unauthorized privileges being gained. The issue is triggered as certain input related to mass role assignment in app/models/spree/user.rb is not properly verified before being used to update a user. This may allow a remote attacker to assign arbitrary roles and...

4CVSS4.5AI score0.01265EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2013/02/21 12:0 a.m.26 views

Spree app/models/spree/user.rb Mass Role Assignment Remote Privilege Escalation

Spree contains a flaw that leads to unauthorized privileges being gained. The issue is triggered as certain input related to mass role assignment in app/models/spree/user.rb is not properly verified before being used to update a user. This may allow a remote attacker to assign arbitrary roles and...

4CVSS4.5AI score0.01265EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2013/02/20 9:33 p.m.13 views

JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure

The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...

4.9CVSS6.4AI score0.02178EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2013/02/12 4:9 p.m.7 views

Distributed Red Team Operations with Cobalt Strike

What if you could easily host malicious websites, send phishing emails, and manage compromised hosts across diverse internet addresses? This week's Cobalt Strike adds the ability to manage multiple attack servers at once. Here's how it works: When you connect to two or more servers, Cobalt Strike...

6.6AI score
Exploits0
NVD
NVD
added 2013/02/05 11:55 p.m.31 views

CVE-2012-5478

The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...

4.9CVSS6.2AI score0.02178EPSS
Exploits0References15
Prion
Prion
added 2013/02/05 11:55 p.m.28 views

Design/Logic Flaw

The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...

4.9CVSS6.7AI score0.02178EPSS
Exploits0References15Affected Software3
RedHat Linux
RedHat Linux
added 2013/01/31 7:31 p.m.6 views

JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure

The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...

4.9CVSS6.4AI score0.02178EPSS
Exploits0References4
NVD
NVD
added 2013/01/27 10:55 p.m.25 views

CVE-2012-6098

grade/edit/outcome/editform.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into...

4CVSS6.1AI score0.0111EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2013/01/27 10:55 p.m.31 views

CVE-2012-6098

grade/edit/outcome/editform.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into...

4CVSS5.9AI score0.0111EPSS
Exploits0References3
Prion
Prion
added 2013/01/27 10:55 p.m.23 views

Design/Logic Flaw

grade/edit/outcome/editform.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into...

4CVSS6.7AI score0.0111EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2013/01/27 10:55 p.m.4 views

UBUNTU-CVE-2012-6104

blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed...

5CVSS5.8AI score0.014EPSS
Exploits0References4
Cvelist
Cvelist
added 2013/01/27 10:0 p.m.30 views

CVE-2012-6106

calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object...

6.1AI score0.01272EPSS
Exploits0References3
CVE
CVE
added 2013/01/27 10:0 p.m.50 views

CVE-2012-6098

CVE-2012-6098 affects Moodle: grade/edit/outcome/edit_form.php where the moodle/grade:manage capability is not properly enforced. From Moodle 1.9.x (1.9.19) and 2.1.x up to 2.1.10, 2.2.x up to 2.2.7, 2.3.x up to 2.3.4, and 2.4.x up to 2.4.1, remote authenticated users with a teacher role can conv...

4CVSS6.3AI score0.0111EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2013/01/27 10:0 p.m.30 views

CVE-2012-6101

Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to 1 backup/backupfilesedit.php, 2 comment/commentpost.php, 3...

6.7AI score0.01207EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2013/01/25 9:59 a.m.9 views

I hack, reflection on the role of hacker

The role of hacker is recognized as crucial today in cyber security, these specialists are the nightmare of security experts but their knowledge is fundamental to understand the vulnerabilities of our infrastructures … think like a hacker if you want really protect your system. But hacking is a...

6.7AI score
Exploits0
RedHat Linux
RedHat Linux
added 2013/01/24 6:52 p.m.7 views

JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure

The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...

4.9CVSS6.4AI score0.02178EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/01/24 6:44 p.m.5 views

JBoss: AuthorizationInterceptor allows JMX operation to proceed despite authorization failure

The AuthorizationInterceptor in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intended role restrictions and...

4.9CVSS6.4AI score0.02178EPSS
Exploits0References4
Rows per page
Query Builder