Lucene search
+L

36 matches found

Positive Technologies
Positive Technologies
added 2019/03/26 12:0 a.m.8 views

PT-2019-19341 · Cms Made Simple · Cms Made Simple

Name of the Vulnerable Software and Affected Versions: CMS Made Simple version 2.2.8 Description: An issue was discovered in the FilePicker module, where it is possible to reach an unserialize call with an untrusted parameter, achieving authenticated object injection. Recommendations: For CMS Mad...

8.8CVSS8.6AI score0.0157EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2019/03/12 12:0 a.m.78 views

CMS Made Simple < 2.2.10 Multiple Vulnerabilities

CMS Made Simple is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.2AI score0.45896EPSS
Exploits10References1
Veracode
Veracode
added 2018/07/17 6:43 a.m.29 views

Server-Side Request Forgery (SSRF)

moodle is vulnerable to server-side request forgery SSRF attacks. A malicious user can pass an arbitrary URL to the filepicker AJAX to retrieve and view any URL through it...

6.5CVSS6.5AI score0.15572EPSS
Exploits4References4Affected Software1
NVD
NVD
added 2018/04/13 5:29 a.m.18 views

CVE-2018-10083

CMS Made Simple CMSMS through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter...

7.5CVSS7.7AI score0.01536EPSS
Exploits1References1
Cvelist
Cvelist
added 2018/04/13 5:0 a.m.23 views

CVE-2018-10083

CMS Made Simple CMSMS through 2.2.7 contains an arbitrary file deletion vulnerability in the admin dashboard via directory traversal sequences in the val parameter within a cmd=del request, because code under modules\FilePicker does not restrict the val parameter...

7.7AI score0.01536EPSS
Exploits1References1
CNVD
CNVD
added 2018/01/23 12:0 a.m.6 views

Moodle Cross-Site Request Forgery Vulnerability (CNVD-2018-02378)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. filepicker is one of the file selectors. A cross-site request forgery vulnerability...

6.5CVSS6.9AI score0.15572EPSS
Exploits4References1
NVD
NVD
added 2018/01/22 8:29 a.m.17 views

CVE-2018-1042

Moodle 3.x has Server Side Request Forgery in the filepicker...

6.5CVSS6.5AI score0.15572EPSS
Exploits4References3
Prion
Prion
added 2018/01/22 8:29 a.m.22 views

Server side request forgery (ssrf)

Moodle 3.x has Server Side Request Forgery in the filepicker...

4CVSS6.4AI score0.15572EPSS
Exploits4References3Affected Software1
UbuntuCve
UbuntuCve
added 2018/01/22 8:29 a.m.27 views

CVE-2018-1042

Moodle 3.x has Server Side Request Forgery in the filepicker...

6.5CVSS6.6AI score0.15572EPSS
Exploits4References2
OSV
OSV
added 2018/01/22 8:29 a.m.4 views

UBUNTU-CVE-2018-1042

Moodle 3.x has Server Side Request Forgery in the filepicker...

6.5CVSS6.6AI score0.15572EPSS
Exploits4References3
OSV
OSV
added 2018/01/22 8:29 a.m.26 views

CVE-2018-1042

Moodle 3.x has Server Side Request Forgery in the filepicker...

6.5CVSS6.7AI score
Exploits0References3
Cvelist
Cvelist
added 2018/01/22 8:0 a.m.33 views

CVE-2018-1042

Moodle 3.x has Server Side Request Forgery in the filepicker...

6.4AI score0.15572EPSS
Exploits4References3
CVE
CVE
added 2018/01/22 8:0 a.m.99 views

CVE-2018-1042

Summary of CVE-2018-1042 (Moodle SSRF): Moodle 3.x is affected by a server-side request forgery in the filepicker. The underlying issue is an SSRF in the filepicker function, enabling an attacker (reported as authenticated) to issue requests from the vulnerable Moodle host, potentially probing in...

6.5CVSS6.3AI score0.15572EPSS
Exploits4References3Affected Software1
Prion
Prion
added 2017/07/18 12:29 a.m.21 views

Design/Logic Flaw

In CMS Made Simple CMSMS 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=file...

4CVSS4.9AI score0.00849EPSS
Exploits1References1Affected Software1
seebug.org
seebug.org
added 2017/04/15 12:0 a.m.25 views

Google Chrome webkitdirectory Information Disclosure

Google was the first vendor I contacted regarding this. After initially recieving a SEC-MEDIUM rating, it was later changed to SEC-LOW and ignored for months 6. It turned out that Chrome would be able to detect this type of bug if anyone would try to use it on a mass scale, as it is logged by...

6.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/11/30 12:0 a.m.28 views

openSUSE Security Update : MozillaFirefox (MozillaFirefox-1597)

The Mozilla Firefox 3.5.5 release fixes some instability issues caused by the 3.5.4 security upgrade. One crash was assigned a CVE number: CVE-2009-3978: The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to...

4.3CVSS5.4AI score0.01788EPSS
Exploits0References7
Rows per page
Query Builder