Lucene search
K

113 matches found

FreeBSD
FreeBSD
added 2016/09/12 12:0 a.m.26 views

moodle -- multiple vulnerabilities

Marina Glancy reports: MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed...

7.3CVSS2.1AI score0.00972EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2016/08/08 12:0 a.m.19 views

FreeBSD : moodle -- multiple vulnerabilities (3ddcb42b-5b78-11e6-b334-002590263bf5)

Marina Glancy reports : - MSA-16-0019: Glossary search displays entries without checking user permissions to view them - MSA-16-0020: Text injection in email headers - MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course %NASLMINLEVE...

5.8CVSS6AI score0.01098EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2016/07/05 12:0 a.m.23 views

FreeBSD : moodle -- multiple vulnerabilities (8656cf5f-4170-11e6-8dfe-002590263bf5)

Marina Glancy reports : - MSA-16-0013: Users are able to change profile fields that were locked by the administrator. - MSA-16-0015: Information disclosure of hidden forum names and sub-names. - MSA-16-0016: User can view badges of other users without proper permissions. - MSA-16-0017: Course...

8.8CVSS5.9AI score0.01595EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2015/11/16 12:0 a.m.14 views

FreeBSD : moodle -- multiple vulnerabilities (82b3ca2a-8c07-11e5-bd18-002590263bf5)

Moodle Release Notes report : MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts MSA-15-0038 DDoS possibility in Atto MSA-15-0039 CSRF in site registration form MSA-15-0040 Student XSS in survey MSA-15-0041 XSS in flash video player MSA-15-0042 CSRF in lesson...

5.3AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/09/18 12:0 a.m.27 views

FreeBSD : moodle -- multiple vulnerabilities (c2fcbec2-5daa-11e5-9909-002590263bf5)

Moodle Release Notes report : MSA-15-0030: Students can re-attempt answering questions in the lesson CVE-2015-5264 MSA-15-0031: Teacher in forum can still post to 'all participants' and groups they are not members of CVE-2015-5272 - 2.7.10 only MSA-15-0032: Users can delete files uploaded by othe...

7.5CVSS5.8AI score0.02374EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2015/04/20 12:0 a.m.18 views

Moodle 2.7.x < 2.7.1 XSS

Binary data 8717.prm...

4.3CVSS6.8AI score0.01187EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2015/04/20 12:0 a.m.18 views

Moodle 2.5.x < 2.5.7 / 2.6.x < 2.6.4 / 2.7.x < 2.7.1 XSS

Binary data 8722.prm...

4.3CVSS6.8AI score0.01187EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2015/04/20 12:0 a.m.14 views

Moodle 2.7.x < 2.7.3 Information Disclosure

Binary data 8718.prm...

4CVSS6.9AI score0.01674EPSS
Exploits0References4
exploitpack
exploitpack
added 2015/01/20 12:0 a.m.30 views

WordPress Plugin Pixarbay Images 2.3 - Multiple Vulnerabilities

WordPress Plugin Pixarbay Images 2.3 - Multiple Vulnerabilities Mogwai Security Advisory MSA-2015-01 ---------------------------------------------------------------------- Title: WP Pixarbay Images Multiple Vulnerabilities Product: Pixarbay Images Wordpress Plugin Affected versions: 2.3 Impact:...

7.5AI score
Exploits0
Mageia
Mageia
added 2014/11/22 10:54 a.m.71 views

Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...

7.5CVSS6.5AI score0.02427EPSS
Exploits0References17
exploitpack
exploitpack
added 2014/09/27 12:0 a.m.27 views

Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting SQL Injection

Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting SQL Injection Mogwai Security Advisory MSA-2014-02 ---------------------------------------------------------------------- Title: JobControl dmmjobcontrol Multiple Vulnerabilities Product: dmmjobcontrol Typo3 Extension Affected versions:...

Exploits0
0day.today
0day.today
added 2014/09/01 12:0 a.m.66 views

ManageEngine EventLog Analyzer Multiple Vulnerabilities

ManageEngine EventLog Analyzer version 9.9 suffers from unauthenticated remote code execution via shell upload and authorization vulnerabilities. Mogwai Security Advisory MSA-2014-01 ---------------------------------------------------------------------- Title: ManageEngine EventLog Analyzer...

7.5CVSS7.8AI score0.84182EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2013/07/23 12:0 a.m.21 views

Fedora 19 : moodle-2.4.5-2.fc19 (2013-12964)

Latest upstream release for this branch. Correct unbundling of php-pear-HTML-Quickform. Fix for: MSA-13-0025: XSS vulnerability in YUI library MSA-13-0026: Personal information leak in IMS-LTI CVE-2013-2242 MSA-13-0027: Access issue in Chat module CVE-2013-2243 MSA-13-0028: Answer information...

4.3CVSS5.3AI score0.01406EPSS
Exploits0References7
Mageia
Mageia
added 2013/07/21 8:38 a.m.33 views

Updated moodle package fixes multiple security vulnerabilities

Flash files distributed with the YUI library in Moodle before 2.4.5 may have allowed for cross-site scripting attacks MSA-13-0025. Privacy settings for the IMS-LTI External tool module in Moodle before 2.4.5 were not able to be changed so personal information was always transferred MSA-13-0026...

4.3CVSS2.4AI score0.01406EPSS
Exploits0References10
UbuntuCve
UbuntuCve
added 2013/03/11 4:0 a.m.27 views

CVE-2013-1831

lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message...

5CVSS5.9AI score0.01393EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2013/03/11 4:0 a.m.19 views

CVE-2013-1835

Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the loginas feature...

3.5CVSS6AI score0.01481EPSS
Exploits0References1
NVD
NVD
added 2012/01/13 4:14 a.m.13 views

CVE-2012-0697

HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788...

10CVSS6.5AI score0.07563EPSS
Exploits0References3
Prion
Prion
added 2012/01/13 4:14 a.m.13 views

Path traversal

Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI...

7.8CVSS7AI score0.05262EPSS
Exploits0References3Affected Software3
Prion
Prion
added 2012/01/13 4:14 a.m.16 views

Design/Logic Flaw

HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788...

10CVSS6.9AI score0.07563EPSS
Exploits0References3
Cvelist
Cvelist
added 2012/01/13 2:0 a.m.24 views

CVE-2011-4788

Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI...

6.4AI score0.05262EPSS
Exploits0References3
Rows per page
Query Builder