
3930 matches found

Mageia
added 2014/05/19 6:46 p.m. | 39 views

Updated moodle packages fix multiple vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users (CVE-2014-0213). In Moodle before 2.6.3, MoodleMobile web service...

6.8 CVSS | 6.2 AI score | 0.00466 EPSS
Exploits: 0 | References: 8
Hacker One
added 2014/04/17 8:28 p.m. | 4 views

Localize: Assigning a non-existing role to user causes exception when opening project page

Reproduction: - Create a new private project - Log in as another user and go to the newly created project page. Request access there. - Switch back to original user and check pending requests. - At this point I was able to assign a non-existing role I changed the dropdown list and chose 10 as...

0.8 AI score
Exploits: 0
0day.today
added 2014/04/13 12:0 a.m. | 16 views

Microweber CMS 0.93 - CSRF Vulnerability

Exploit for php platform in category web applications Exploit Title: Microweber CMS v0.93 CSRF Vulnerability Author: sajith version: Microweber CMS v0.93 Vendor Homepage: http://microweber.com/ vulnerable app link: http://microweber.com/download Application is vulnerable to CSRF. Below is the POC...

7.1 AI score
Exploits: 0
Exploit DB
added 2014/04/10 12:0 a.m. | 18 views

Sophos Web Protection Appliance Interface - (Authenticated) Arbitrary Command Execution (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution', 'Description' = %q This module takes advantage ...

7.4 AI score
Exploits: 0
0day.today
added 2014/04/10 12:0 a.m. | 20 views

Sophos Web Protection Appliance Command Execution Exploit

This Metasploit module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the administrator's password...

8.4 AI score
Exploits: 0
Metasploit
added 2014/04/09 12:17 p.m. | 31 views

Sophos Web Protection Appliance Interface Authenticated Arbitrary Command Execution

This module takes advantage of two vulnerabilities in order to gain remote code execution as root as an otherwise non-privileged authorized user. By taking advantage of a mass assignment vulnerability that allows an unprivileged authenticated user to change the administrator's password hash, the...

8.5 CVSS | 10 AI score | 0.76549 EPSS
Exploits: 3
Prion
added 2014/03/24 2:20 p.m. | 21 views

Code injection

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors...

4 CVSS | 6.7 AI score | 0.00312 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
UbuntuCve
added 2014/03/24 2:20 p.m. | 19 views

CVE-2014-2572

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors...

4 CVSS | 5.9 AI score | 0.00312 EPSS
Exploits: 0 | References: 4
Cvelist
added 2014/03/22 1:0 a.m. | 21 views

CVE-2014-2572

mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors...

6.1 AI score | 0.00312 EPSS
Exploits: 0 | References: 3
Typo3
added 2014/02/12 12:0 a.m. | 176 views

Mass Assignment in extension Direct Mail Subscription (direct_mail_subscription)

It has been discovered that the extension "Direct Mail Subscription" (direct_mail_subscription) is susceptible to Mass Assignment. Release Date: February 12, 2014 Component Type: Third party extension. This extension is not a part of the TYPO3 default installation. Affected Versions: Version 2.0.0 an...

6.5 CVSS | 0.1 AI score | 0.00408 EPSS
Exploits: 0 | Affected Software: 1
0day.today
added 2014/02/05 12:0 a.m. | 48 views

ownCloud 6.0.0a - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: ownCloud 6.0.0a File Deletion XSS and CSRF Protection Bypass Vendor Homepage: www.ownCloud.org OwnCloud Version: 6.0.0a Browsers tested: Iceweasel 22.0; Internet Explorer 11; Server: Debian. Default LAMP set-up. Exploit Author:...

3.7 CVSS | 5.8 AI score | 0.0034 EPSS
Exploits: 6
Tenable Nessus
added 2014/01/02 12:0 a.m. | 37 views

Debian DSA-2834-1 : typo3-src - several vulnerabilities

Several vulnerabilities were discovered in TYPO3, a content management system. This update addresses cross-site scripting, information disclosure, mass assignment, open redirection and insecure unserialize vulnerabilities and corresponds to TYPO3-CORE-SA-2013-004. %NASLMINLEVEL 70300 C Tenable...

6.5 CVSS | 5.2 AI score | 0.00486 EPSS
Exploits: 0 | References: 13
Debian
added 2014/01/01 4:19 p.m. | 32 views

[SECURITY] [DSA 2834-1] typo3-src security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2834-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso January 01, 2014 http://www.debian.org/security/faq -...

6.5 CVSS | 6.3 AI score | 0.00486 EPSS
Exploits: 0
OpenVAS
added 2013/12/31 12:0 a.m. | 31 views

Debian: Security Advisory (DSA-2834-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.5 CVSS | 6.4 AI score | 0.00486 EPSS
Exploits: 0 | References: 3
OSV
added 2013/12/23 11:55 p.m. | 0 views

UBUNTU-CVE-2013-7080

The creating record functionality in Extension table administration library feuseradminLib.inc in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass...

5.8 CVSS | 5.9 AI score | 0.00274 EPSS
Exploits: 0 | References: 3
Typo3
added 2013/12/10 12:0 a.m. | 93 views

Multiple Vulnerabilities in TYPO3 CMS

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Information Disclosure, Mass Assignment, Open Redirection and Insecure Unserialize. Component Type: TYPO3 CMS Vulnerability Types: Cross-Site Scripting, Information Disclosure, Mass Assignment, Open Redirection and...

6.5 CVSS | 6 AI score | 0.00486 EPSS
Exploits: 0 | Affected Software: 1
seebug.org
added 2013/11/24 12:0 a.m. | 23 views

A ThinkSNS getshell

Brief description: Improper handling at one point in ThinkSNS leads to get shell. Details: the reply function in \apps\public\Lib\Action\CommentAction.class.php: public function reply $var = $GET; $var'initNums' = model'Xdata'-getConfig'weibonums', 'feed'; $var'commentInfo' = model'Comment'-getCommentInfo$var'commentid', false; $var'canrepost' =...

7.1 AI score
Exploits: 0
0day.today
added 2013/08/22 12:0 a.m. | 51 views

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This Metasploit module exploits a mass assignment vulnerability in the create action of users controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have createusers permission...

6 CVSS | 6.4 AI score | 0.47448 EPSS
Exploits: 4
Exploit DB
added 2013/08/22 12:0 a.m. | 42 views

Foreman (RedHat OpenStack/Satellite) - users/create Mass Assignment (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

6 CVSS | 7.4 AI score | 0.47448 EPSS
Exploits: 4
Packet Storm
added 2013/08/21 12:0 a.m. | 46 views

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4 'Foreman Red Hat OpenStack/Satellite...

6 CVSS | 6.6 AI score | 0.47448 EPSS
Exploits: 4