16 matches found
EUVD-2015-9157
Malware in sbrugna...
CVE-2024-7093 Server-Side Template Injection in Dispatch Message Templates
Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then...
FormCraft < 1.2.7 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. There are two XSS issues: Example A: ...
Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...
GHSA-V9XQ-VH72-CHR4 Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...
Design/Logic Flaw
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages...
CVE-2015-9317
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages...
GSA Bounty: Multiple Bugs in api.data.gov/signup endpoint leads to send custom messages to Anyone
Hey there, while signing for new api key, i have found two bugs that is unusual and make anyone to send crafted or customised email to someone. Bug 1: - low 1. Go to https://api.data.gov/signup/ 2. Enter first and last name , then enter email id and get api key. Bug: You can use the same email id...
Moodle 3.x Spam Vulnerability (Mar 2018) - Linux
Unauthenticated users can trigger custom messages to admin via paypal enrol script. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Moodle 3.x Spam Vulnerability (Mar 2018) - Windows
Unauthenticated users can trigger custom messages to admin via paypal enrol script. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Design/Logic Flaw
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...
CVE-2018-1081
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...
CVE-2018-1081
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...
CVE-2018-1081
A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was...
FreeBSD : moodle -- multiple vulnerabilities (cdb4d962-34f9-11e8-92db-080027907385)
moodle reports : Unauthenticated users can trigger custom messages to admin via paypal enrol script. Suspended users with OAuth 2 authentication method can still log in to the site. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the...
moodle -- multiple vulnerabilities
moodle reports: Unauthenticated users can trigger custom messages to admin via paypal enrol script. Suspended users with OAuth 2 authentication method can still log in to the site...