6647 matches found
Authorization
The remote SVN views functionality lib/vclib/svn/svnra.py in ViewVC before 1.1.15 does not properly perform authorization, which allows remote attackers to bypass intended access restrictions via unspecified vectors...
CVE-2011-4592
The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron...
Eaton Network Shutdown Module Default Administrator Credentials
The remote Eaton Network Shutdown Module install uses a default set of credentials to control access to its administrative functionality. With this information, an attacker can gain complete access to the application. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the course-tags functionality in tag/coursetagsmore.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 sort or 2 show parameter...
CVE-2011-4282
Multiple cross-site scripting XSS vulnerabilities in the course-tags functionality in tag/coursetagsmore.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 sort or 2 show parameter...
CVE-2011-4294
CVE-2011-4294 describes an open redirect flaw in Moodle’s error-message handling. In Moodle 1.9.x (before 1.9.13), 2.0.x (before 2.0.4), and 2.1.x (before 2.1.1), continuation links in error messages are not guaranteed to point to http(s) URLs of the local Moodle instance, enabling attackers to l...
CVE-2012-2844
The PDF functionality in Google Chrome before 20.0.1132.57 does not properly handle JavaScript code, which allows remote attackers to cause a denial of service incorrect object access or possibly have unspecified other impact via a crafted document...
CVE-2011-4304
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation...
Design/Logic Flaw
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation...
CVE-2011-4304
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation...
CVE-2012-2833
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2012-2828
Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...
Buffer overflow
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
Out-of-bounds
The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors...
CVE-2012-2833
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...
CVE-2012-2832
The image-codec implementation in the PDF functionality in Google Chrome before 20.0.1132.43 does not initialize an unspecified pointer, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...
CVE-2012-2828
Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document...
CVE-2012-2822
The PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service out-of-bounds read via unspecified vectors...
CVE-2012-2832
Removed by vendor...
CVE-2012-2833
Buffer overflow in the JS API in the PDF functionality in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...