Claroline e-Learning 1.8.1 Privilege Escalation Vulnerability
Due to insufficient permission checking in profile.php, any user can assign him- or herself to any organization by issuing a single HTTP request. Claroline users can assign themselves their platform role, leading to possible privilege escalation. Description: Due to insufficient permission checkin...
CVE-2013-3186
The Protected Mode feature in Microsoft Internet Explorer 7 through 10 on Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly implement the Integrity Access Level aka IL protection mechanism, which allows remote...
CVE-2013-3186
CVE-2013-3186 affects Microsoft Internet Explorer 7–10 on multiple Windows editions. The root cause is improper implementation of the Integrity Access Level (Process Integrity Level) protection in Protected Mode, allowing remote attackers to elevate privileges from a low-IL process to medium IL. ...
Design/Logic Flaw
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role...
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
This module exploits a mass assignment vulnerability in the 'create' action of the 'users' controller of Foreman and Red Hat OpenStack/Satellite Foreman 1.2.0-RC1 and earlier by creating an arbitrary administrator account. For this exploit to work, your account must have the 'create_users' permission, e.g....
Oracle Linux 6 : kernel (ELSA-2012-0350)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2012-0350 advisory. - fs xfs: Fix missing xfs_iunlock on error recovery path in xfs_readlink (Carlos Maiolino) 749161 694702 CVE-2011-4077 - fs xfs: Fix memory corruption in...
rubygem-json: Denial of Service and SQL Injection
The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 for Ruby allows remote attackers to cause a denial of service (resource consumption) or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain...
Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role...
MGASA-2013-0162 Updated moodle package fix security vulnerabilities
The assignment module in Moodle before 2.4.4 was not checking capabilities for users downloading all assignments as a zip (CVE-2013-2079). The Gradebook's Overview report in Moodle before 2.4.4 was showing grade totals that may have incorrectly included hidden grades (CVE-2013-2080). When registering...
CVE-2013-2079
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignment...
Code injection
mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignment...
CVE-2013-2079
The CVE-2013-2079 issue affects Moodle’s assignment module (Moodle versions 2.3.x before 2.3.7 and 2.4.x before 2.4.4). The vulnerability arises because mod/assign/locallib.php does not enforce capability requirements when processing ZIP assignment-archive download (downloadall) requests, allowin...
A writable configured share might get read only
Description: Due to an assignment-vs-equality bug, a share reference might get overwritten. This can lead to 'read only = no' from another share leaking into a 'read only = yes' share for subsequent connections. This is a re-evaluation of an already fixed bug. Workaround: Update to 3.6.6 and higher...
CVE-2013-0676
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query...
Information disclosure
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query...
CVE-2013-0676
Siemens WinCC (before 7.2; in SIMATIC PCS7 before 8.0 SP1) stores WebNavigator credentials in an MS SQL database and fails to properly restrict privileges. This Improper Authorization allows remote authenticated users to read sensitive data via SQL queries. Impact includes exposure of credentials...
CVE-2013-2506
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves...