15 matches found
EUVD-2012-3362
Malware in sbrugna...
EUVD-2022-4686
Malicious code in bioql PyPI...
Moodle allows discovery of an author's username
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, an...
GHSA-P5J7-26WJ-423J Moodle allows discovery of an author's username
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, an...
Mageia: Security Advisory (MGASA-2014-0379)
The remote host is missing an update for the...
WordPress Injection Anchors Widespread Malware Campaign
The downloader malware known as Gootloader is poisoning websites globally as part of an extensive drive-by and watering-hole cybercampaign that abuses WordPress sites by injecting them with hundreds of pages of fake content. The adversaries have so far delivered the Cobalt Strike intrusion tool,...
Moodle < 2.5 / 2.5.x < 2.5.8 / 2.6.x < 2.6.5 / 2.7.x < 2.7.2 Multiple Vulnerabilities
Binary data 8719.prm...
CVE-2014-3617
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, an...
Design/Logic Flaw
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, an...
CVE-2014-3617
The CVE-2014-3617 issue affects Moodle’s forum: the function forum_print_latest_discussions in mod/forum/lib.php allowed remote authenticated users to bypass the requirement to post an answer and to discover an author’s username by visiting a Q&A forum, without needing the mod/forum:viewqandawith...
CVE-2014-3617
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass the individual answer-posting requirement without the mod/forum:viewqandawithoutposting capability, an...
Updated moodle packages fix security vulnerabilities
Updated moodle packages fix security vulnerabilities: In Moodle before 2.6.5, users who had not yet posted the required answer in a Q&A forum in order to access past posts were able to see the name of the last person who had posted, as other authors are visible in /mod/forum/view.php before the...
CVE-2012-3391
mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a...
CVE-2007-0398
CVE-2007-0398 describes multiple cross-site scripting (XSS) vulnerabilities in the forum.php3 component of Arnaud Guyonne’s a-forum. The flaws allow remote attackers to inject arbitrary web script or HTML through the (1) Sujet and (2) Pseudo input fields. The issue affects the affected forum’s in...
a-forum xss
a-forum xss By : sn0oPy Risk : medium Site : http://www.mistersp.com/ Dork : inurl:"/a-forum/forum.php3" exploit : just inject any script on the "sujet" or/and "pseudo". contact : [email protected] greetz : subzero, Avg Team http://forums.avenir-geopolitique.net...