869 matches found
procaz.fr XSS vulnerability
Vulnerable URL: http://www.procaz.fr/recherche.php

Details:

Description| Value
---|---
Patched:| Yes, at 24.11.2017
Latest check for patch:| 24.11.2017 11:31 GMT
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 6078054
VIP website status:| No

Check procaz.fr SSL...
CVE-2015-8931
Undefined behavior (signed integer overflow) was discovered in libarchive, in the MTREE parser's calculation of maximum and minimum dates. A crafted mtree file could potentially cause denial of service...
webmail.cyberspazio.org XSS vulnerability
Vulnerable URL: https://webmail.cyberspazio.org/webmail/?color=%22%3E%3Csvg/onload=prompt%28/OPENBUGBOUNTY/%29%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| Unknown / Not...
broward.desire2learn.com XSS vulnerability
Vulnerable URL: https://broward.desire2learn.com/frame.asp?Pg=javascript:alert%28%27OPENBUGBOUNTY%27%29

Details:

Description| Value
---|---
Patched:| Yes, at
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 3708
VIP website status:| Yes

Check broward.desire2learn.com...
Moodle < 2.7.13 / 2.8.x < 2.8.11 / 2.9.x < 2.9.5 / 3.0.x < 3.0.3 Multiple Vulnerabilities
FreeBSD : moodle -- multiple vulnerabilities (a430e15d-f93f-11e5-92ce-002590263bf5)
Marina Glancy reports:
- MSA-16-0003: Incorrect capability check when displaying users emails in Participants list
- MSA-16-0004: XSS from profile fields from external db
- MSA-16-0005: Reflected XSS in mod_data advanced search
- MSA-16-0006: Hidden courses are shown to students in Event Monitor ...
Sneaker Release Dates - Dynamic Code Loading, External URLs, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Sneaker Release Dates published at the 'play' market has multiple vulnerabilities...
moodle -- multiple vulnerabilities
Marina Glancy reports:
- MSA-16-0003: Incorrect capability check when displaying users emails in Participants list
- MSA-16-0004: XSS from profile fields from external db
- MSA-16-0005: Reflected XSS in mod_data advanced search
- MSA-16-0006: Hidden courses are shown to students in Event Monitor...
gw-openx.cloudapp.net Open Redirect vulnerability
Open Bug Bounty ID: OBB-137193

Description| Value
---|---
Affected Website:| gw-openx.cloudapp.net
Vulnerable Application:| Custom Code
Vulnerability Type:| Open Redirect / CWE-601
CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Remediation Guide:| OWASP Open Redirect Cheat Sheet...
CVE-2015-5341
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors...
Design/Logic Flaw
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors...
UBUNTU-CVE-2015-5341
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors...
WordPress Booking Calendar Contact Form 1.0.23 CSRF / XSS
Exploit Title: Wordpress booking calendar contact form =v1.0.23 - Privilege escalation / stored XSS vulnerabilities Date: 2016-02-08 Google Dork: Index of /wp-content/plugins/booking-calendar-contact-form Exploit Author: Joaquin Ramirez Martinez i0 SEC-LABORATORY Vendor Homepage:...
ManageEngine Network Configuration Management Build 11000 CSRF
Title: Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Network Configuration Management
Author: Kaustubh G. Padwad
Vendor: ZOHO Corp
Product: ManageEngine Network Configuration Manager
Tested Version: Network Configuration Manager Build 11000
Severity: HIGH
About the Product:...
CVE-2015-7084
creationtimestamp| type| source
---|---|---
2016-01-28 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39366
2016-01-28 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/39357...
OracleVM 2.2 : xen (OVMSA-2015-0151)
The remote OracleVM system is missing necessary patches to address critical security updates:
- fix-up bad changelog dates
- guard against undue super page PTE creation XSA-148 Jan Beulich

(C) Tenable Network Security, Inc. The package checks in this plugin were extracted from...
Updated python-django packages fix security vulnerability
If an application allows users to specify an unvalidated format for dates and passes this format to the date filter, then a malicious user could obtain any secret in the application's settings by specifying a settings key instead of a date format (CVE-2015-8213)...
CVE-2014-8155
GnuTLS before 2.9.10 does not verify the activation and expiration dates of CA certificates, which allows man-in-the-middle attackers to spoof servers via a certificate issued by a CA certificate that is (1) not yet valid or (2) no longer valid...