166 matches found
Moodle Authenticated LFI risk in some misconfigured shared hosting environments
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
CVE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
CVE-2024-34005 moodle: authenticated LFI risk in some misconfigured shared hosting environments via modified mod_data backup
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file include...
PT-2024-25633 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to...
Cross-Site Request Forgery (CSRF)
moodle is vulnerable to Cross-Site Request Forgery CSRF. The vulnerability exists in the resetalltemplates parameter of actionbar.php because the CSRF token was not properly validated, which allows an attacker to access sensitive information and reset all the database activity templates...
GHSA-WXMQ-V9GX-75PG Moodle vulnerable to Cross-site Request Forgery
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
UBUNTU-CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
Cross site request forgery (csrf)
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
CVE-2023-28335
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
CVE-2023-28335 Moodle: csrf risk in resetting all templates of a database activity
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
CVE-2023-28331 Moodle: xss risk when outputting database activity filter data
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk...
CVE-2023-28331 Moodle: xss risk when outputting database activity filter data
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk...
CVE-2023-28335 Moodle: csrf risk in resetting all templates of a database activity
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
CVE-2023-28335 Moodle: csrf risk in resetting all templates of a database activity
The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk...
Security Bulletin: Vulnerability in IBM InfoSphere Guardium Database Activity Monitoring (CVE-2010-2273)
Abstract Guardium Database Activity Monitoring is affected by multiple cross-site scripting XSS vulnerabilities in Dojo which could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Content VULNERABILITY DETAILS: CVE ID: CVE-2010-2273 CVSS: CVSS Base Score: 4....
Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by an SNMPD vulnerability
Summary IBM Security Guardium Database Activity Monitor has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2002-0013 DESCRIPTION: Many vendor implementations of the Simple Network Management Protocol SNMP have multiple remote vulnerabilities caused by the improper handlin...
Why You’re Not Making the Leap from Compliance to a Database Security Strategy
Gartner strongly recommends that the concept of “big data strategy” should be replaced with “making big data part of our everyday strategy.” Technology has created a database activity explosion for most enterprises and made traditional agent-based data logging, monitoring, and auditing far too...
Anatomy of a Security Super Bowl Dynasty, Part 1: The Defense
Imperva’s Directors of Technology in the Office of the CTO, Brian Anderson and Craig Burlingame, recently conducted an informal education session titled Creating a Security Super Bowl Dynasty. In this presentation, they used examples of how teams create consistent, sustainable success in American...