5283 matches found
Design/Logic Flaw
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
UBUNTU-CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2017-7490
CVE-2017-7490 affects Moodle 2.x and 3.x. The vulnerability arises from a missing capability check that enables searching of arbitrary blogs, exposing potential information that should be restricted. The provided documents describe the flaw as a capability check omission but do not supply additio...
UBUNTU-CVE-2016-3732
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...
CVE-2016-3732
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...
CVE-2016-3732
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...
CVE-2016-3732
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...
CVE-2016-3732
CVE-2016-3732 affects Moodle; impact is that remote authenticated users can read badges of other users due to a capability check flaw. Affected versions include Moodle 3.0 up to 3.0.3, 2.9 up to 2.9.5, 2.8 up to 2.8.11, and 2.7 up to 2.7.13, and earlier. The connected documents confirm the existe...
Moodle 2.9.x < 2.9.9 Multiple Vulnerabilities
Binary data 9834.prm...
WordPress Core Ajax handlers CSRF and Directory Traversal Vulnerabilities - Linux
WordPress is prone to CSRF and directory traversal vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
WordPress Core Ajax handlers CSRF and Directory Traversal Vulnerabilities - Windows
WordPress is prone to CSRF and directory traversal vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
iThemes Security <= 5.3.5 - Lack of Capability Check
The iThemes Security formerly Better WP Security WordPress plugin was affected by a Lack of Capability Check security vulnerability...
Moodle < 2.7.13 / 2.8.x < 2.8.11 / 2.9.x < 2.9.5 / 3.0.x < 3.0.3 Multiple Vulnerabilities
Binary data 9194.prm...
FreeBSD : moodle -- multiple vulnerabilities (a430e15d-f93f-11e5-92ce-002590263bf5)
Marina Glancy reports : - MSA-16-0003: Incorrect capability check when displaying users emails in Participants list - MSA-16-0004: XSS from profile fields from external db - MSA-16-0005: Reflected XSS in moddata advanced search - MSA-16-0006: Hidden courses are shown to students in Event Monitor ...
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0003: Incorrect capability check when displaying users emails in Participants list MSA-16-0004: XSS from profile fields from external db MSA-16-0005: Reflected XSS in moddata advanced search MSA-16-0006: Hidden courses are shown to students in Event Monitor...
UBUNTU-CVE-2014-7975
The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root filesystem to read-only, which allows local users to cause a denial of service loss of writability by making certain unshare system calls...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3023)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2014-3023 advisory. kernel-uek 2.6.32-400.34.5uek - aacraid: missing capable check in compat ioctl Dan Carpenter Orabug: 18723276 CVE-2013-6383 Tenable has extracted the...
Kernel: AACRAID Driver compat IOCTL missing capability check
The aaccompatioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAPSYSRAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call...
TinyMCE Color Picker 1.1 - tinymce-colorpicker.php Missing edit_others_posts Capability Check
The TinyMCE Color Picker WordPress plugin was affected by a tinymce-colorpicker.php Missing editothersposts Capability Check security vulnerability...