Lucene search
K

5283 matches found

Prion
Prion
added 2017/05/15 2:29 p.m.19 views

Design/Logic Flaw

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

5CVSS5.3AI score0.01046EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/05/15 2:29 p.m.4 views

UBUNTU-CVE-2017-7490

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

5.3CVSS6.3AI score0.01046EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/05/15 2:0 p.m.37 views

CVE-2017-7490

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

5.8AI score0.01046EPSS
Exploits0References1
CVE
CVE
added 2017/05/15 2:0 p.m.65 views

CVE-2017-7490

CVE-2017-7490 affects Moodle 2.x and 3.x. The vulnerability arises from a missing capability check that enables searching of arbitrary blogs, exposing potential information that should be restricted. The provided documents describe the flaw as a capability check omission but do not supply additio...

5.3CVSS5.6AI score0.01046EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2017/04/20 9:59 p.m.3 views

UBUNTU-CVE-2016-3732

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...

4.3CVSS7.3AI score0.01373EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2017/04/20 9:59 p.m.17 views

CVE-2016-3732

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...

4.3CVSS6.3AI score0.01373EPSS
Exploits0References1
NVD
NVD
added 2017/04/20 9:59 p.m.18 views

CVE-2016-3732

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...

4.3CVSS5.2AI score0.01373EPSS
Exploits0References3
Cvelist
Cvelist
added 2017/04/20 9:0 p.m.24 views

CVE-2016-3732

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...

5.9AI score0.01373EPSS
Exploits0References3
CVE
CVE
added 2017/04/20 9:0 p.m.52 views

CVE-2016-3732

CVE-2016-3732 affects Moodle; impact is that remote authenticated users can read badges of other users due to a capability check flaw. Affected versions include Moodle 3.0 up to 3.0.3, 2.9 up to 2.9.5, 2.8 up to 2.8.11, and 2.7 up to 2.7.13, and earlier. The connected documents confirm the existe...

4.3CVSS5AI score0.01373EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/12/16 12:0 a.m.13 views

Moodle 2.9.x < 2.9.9 Multiple Vulnerabilities

Binary data 9834.prm...

5.3CVSS7.3AI score0.01196EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2016/08/26 12:0 a.m.47 views

WordPress Core Ajax handlers CSRF and Directory Traversal Vulnerabilities - Linux

WordPress is prone to CSRF and directory traversal vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.1CVSS5.7AI score0.38445EPSS
Exploits6References3
OpenVAS
OpenVAS
added 2016/08/26 12:0 a.m.58 views

WordPress Core Ajax handlers CSRF and Directory Traversal Vulnerabilities - Windows

WordPress is prone to CSRF and directory traversal vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.1CVSS5.7AI score0.38445EPSS
Exploits6References3
WPVulnDB
WPVulnDB
added 2016/04/25 12:0 a.m.13 views

iThemes Security <= 5.3.5 - Lack of Capability Check

The iThemes Security formerly Better WP Security WordPress plugin was affected by a Lack of Capability Check security vulnerability...

2AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2016/04/08 12:0 a.m.14 views

Moodle < 2.7.13 / 2.8.x < 2.8.11 / 2.9.x < 2.9.5 / 3.0.x < 3.0.3 Multiple Vulnerabilities

Binary data 9194.prm...

8.8CVSS6AI score0.01931EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2016/04/05 12:0 a.m.22 views

FreeBSD : moodle -- multiple vulnerabilities (a430e15d-f93f-11e5-92ce-002590263bf5)

Marina Glancy reports : - MSA-16-0003: Incorrect capability check when displaying users emails in Participants list - MSA-16-0004: XSS from profile fields from external db - MSA-16-0005: Reflected XSS in moddata advanced search - MSA-16-0006: Hidden courses are shown to students in Event Monitor ...

8.8CVSS5.5AI score0.01931EPSS
Exploits0References12
FreeBSD
FreeBSD
added 2016/03/21 12:0 a.m.33 views

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-16-0003: Incorrect capability check when displaying users emails in Participants list MSA-16-0004: XSS from profile fields from external db MSA-16-0005: Reflected XSS in moddata advanced search MSA-16-0006: Hidden courses are shown to students in Event Monitor...

8.8CVSS1.7AI score0.01931EPSS
Exploits0References1
OSV
OSV
added 2014/10/13 12:0 a.m.7 views

UBUNTU-CVE-2014-7975

The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root filesystem to read-only, which allows local users to cause a denial of service loss of writability by making certain unshare system calls...

5.5CVSS6.7AI score0.00461EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2014/05/12 12:0 a.m.36 views

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3023)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-3023 advisory. kernel-uek 2.6.32-400.34.5uek - aacraid: missing capable check in compat ioctl Dan Carpenter Orabug: 18723276 CVE-2013-6383 Tenable has extracted the...

6.9CVSS7.2AI score0.0049EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2014/05/07 6:46 p.m.6 views

Kernel: AACRAID Driver compat IOCTL missing capability check

The aaccompatioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAPSYSRAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call...

6.9CVSS7.1AI score0.0049EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2014/04/28 12:0 a.m.20 views

TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Missing edit_others_posts Capability Check

The TinyMCE Color Picker WordPress plugin was affected by a tinymce-colorpicker.php Missing editothersposts Capability Check security vulnerability...

5CVSS2.5AI score0.01784EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder