Lucene search
K

166 matches found

Github Security Blog
Github Security Blog
added 2024/05/31 9:30 p.m.27 views

Moodle Authenticated LFI risk in some misconfigured shared hosting environments

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

6.5CVSS6.5AI score0.00475EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/05/31 8:27 p.m.11 views

CVE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

6.5CVSS6.6AI score0.00475EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/05/31 8:27 p.m.27 views

CVE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...

6.8AI score0.00475EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/31 12:0 a.m.1 views

PT-2024-25633 · Moodle +2 · Moodle +2

Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to...

9.8CVSS5.8AI score0.00944EPSS
Exploits1References46
Veracode
Veracode
added 2023/03/31 6:18 a.m.21 views

Cross-Site Request Forgery (CSRF)

moodle is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in the resetalltemplates parameter of actionbar.php because the CSRF token was not properly validated, which allows an attacker to access sensitive information and reset all the database activity templates...

8.8CVSS8.2AI score0.00409EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/03/23 9:30 p.m.15 views

GHSA-WXMQ-V9GX-75PG Moodle vulnerable to Cross-site Request Forgery

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

8.8CVSS8.6AI score0.00409EPSS
Exploits0References6
NVD
NVD
added 2023/03/23 9:15 p.m.21 views

CVE-2023-28335

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

8.8CVSS8.7AI score0.00409EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/03/23 9:15 p.m.2 views

CVE-2023-28335

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

8.8CVSS7.2AI score0.00409EPSS
Exploits0References3
OSV
OSV
added 2023/03/23 9:15 p.m.6 views

UBUNTU-CVE-2023-28335

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

8.8CVSS5.8AI score0.00409EPSS
Exploits0References3
Prion
Prion
added 2023/03/23 9:15 p.m.16 views

Cross site request forgery (csrf)

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

6.8CVSS8.7AI score0.00409EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2023/03/23 9:15 p.m.28 views

CVE-2023-28335

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

8.8CVSS7.2AI score0.00409EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/23 12:0 a.m.28 views

CVE-2023-28335 Moodle: csrf risk in resetting all templates of a database activity

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

8.9AI score0.00409EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/03/23 12:0 a.m.21 views

CVE-2023-28331 Moodle: xss risk when outputting database activity filter data

Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk...

6.3AI score0.00662EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/03/23 12:0 a.m.7 views

CVE-2023-28331 Moodle: xss risk when outputting database activity filter data

Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk...

6AI score0.00662EPSS
Exploits0References3
OSV
OSV
added 2023/03/23 12:0 a.m.14 views

CVE-2023-28335 Moodle: csrf risk in resetting all templates of a database activity

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

8.8CVSS7.2AI score0.00409EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/03/23 12:0 a.m.10 views

CVE-2023-28335 Moodle: csrf risk in resetting all templates of a database activity

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...

6.8AI score0.00409EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/26 3:37 a.m.20 views

Security Bulletin: Vulnerability in IBM InfoSphere Guardium Database Activity Monitoring (CVE-2010-2273)

Abstract Guardium Database Activity Monitoring is affected by multiple cross-site scripting XSS vulnerabilities in Dojo which could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Content VULNERABILITY DETAILS: CVE ID: CVE-2010-2273 CVSS: CVSS Base Score: 4....

4.3CVSS0.4AI score0.04545EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:42 p.m.239 views

Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by an SNMPD vulnerability

Summary IBM Security Guardium Database Activity Monitor has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2002-0013 DESCRIPTION: Many vendor implementations of the Simple Network Management Protocol SNMP have multiple remote vulnerabilities caused by the improper handlin...

10CVSS1.7AI score0.50845EPSS
Exploits0Affected Software1
Imperva Blog
Imperva Blog
added 2021/07/03 8:18 p.m.145 views

Why You’re Not Making the Leap from Compliance to a Database Security Strategy

Gartner strongly recommends that the concept of “big data strategy” should be replaced with “making big data part of our everyday strategy.” Technology has created a database activity explosion for most enterprises and made traditional agent-based data logging, monitoring, and auditing far too...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/02/25 5:47 p.m.37 views

Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense

Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...

0.2AI score
Exploits0
Rows per page
Query Builder