113 matches found
moodle -- multiple vulnerabilities
Marina Glancy reports: MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed...
FreeBSD : moodle -- multiple vulnerabilities (3ddcb42b-5b78-11e6-b334-002590263bf5)
Marina Glancy reports : - MSA-16-0019: Glossary search displays entries without checking user permissions to view them - MSA-16-0020: Text injection in email headers - MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course %NASLMINLEVE...
FreeBSD : moodle -- multiple vulnerabilities (8656cf5f-4170-11e6-8dfe-002590263bf5)
Marina Glancy reports : - MSA-16-0013: Users are able to change profile fields that were locked by the administrator. - MSA-16-0015: Information disclosure of hidden forum names and sub-names. - MSA-16-0016: User can view badges of other users without proper permissions. - MSA-16-0017: Course...
FreeBSD : moodle -- multiple vulnerabilities (82b3ca2a-8c07-11e5-bd18-002590263bf5)
Moodle Release Notes report : MSA-15-0037 Possible to send a message to a user who blocked messages from non contacts MSA-15-0038 DDoS possibility in Atto MSA-15-0039 CSRF in site registration form MSA-15-0040 Student XSS in survey MSA-15-0041 XSS in flash video player MSA-15-0042 CSRF in lesson...
FreeBSD : moodle -- multiple vulnerabilities (c2fcbec2-5daa-11e5-9909-002590263bf5)
Moodle Release Notes report : MSA-15-0030: Students can re-attempt answering questions in the lesson CVE-2015-5264 MSA-15-0031: Teacher in forum can still post to 'all participants' and groups they are not members of CVE-2015-5272 - 2.7.10 only MSA-15-0032: Users can delete files uploaded by othe...
Moodle 2.7.x < 2.7.1 XSS
Binary data 8717.prm...
Moodle 2.5.x < 2.5.7 / 2.6.x < 2.6.4 / 2.7.x < 2.7.1 XSS
Binary data 8722.prm...
Moodle 2.7.x < 2.7.3 Information Disclosure
Binary data 8718.prm...
WordPress Plugin Pixarbay Images 2.3 - Multiple Vulnerabilities
WordPress Plugin Pixarbay Images 2.3 - Multiple Vulnerabilities Mogwai Security Advisory MSA-2015-01 ---------------------------------------------------------------------- Title: WP Pixarbay Images Multiple Vulnerabilities Product: Pixarbay Images Wordpress Plugin Affected versions: 2.3 Impact:...
Updated moodle package fixes security vulnerabilities
In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...
Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting SQL Injection
Typo3 Extension JobControl 2.14.0 - Cross-Site Scripting SQL Injection Mogwai Security Advisory MSA-2014-02 ---------------------------------------------------------------------- Title: JobControl dmmjobcontrol Multiple Vulnerabilities Product: dmmjobcontrol Typo3 Extension Affected versions:...
ManageEngine EventLog Analyzer Multiple Vulnerabilities
ManageEngine EventLog Analyzer version 9.9 suffers from unauthenticated remote code execution via shell upload and authorization vulnerabilities. Mogwai Security Advisory MSA-2014-01 ---------------------------------------------------------------------- Title: ManageEngine EventLog Analyzer...
Fedora 19 : moodle-2.4.5-2.fc19 (2013-12964)
Latest upstream release for this branch. Correct unbundling of php-pear-HTML-Quickform. Fix for: MSA-13-0025: XSS vulnerability in YUI library MSA-13-0026: Personal information leak in IMS-LTI CVE-2013-2242 MSA-13-0027: Access issue in Chat module CVE-2013-2243 MSA-13-0028: Answer information...
Updated moodle package fixes multiple security vulnerabilities
Flash files distributed with the YUI library in Moodle before 2.4.5 may have allowed for cross-site scripting attacks MSA-13-0025. Privacy settings for the IMS-LTI External tool module in Moodle before 2.4.5 were not able to be changed so personal information was always transferred MSA-13-0026...
CVE-2013-1831
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message...
CVE-2013-1835
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the loginas feature...
CVE-2012-0697
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788...
Path traversal
Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI...
Design/Logic Flaw
HP StorageWorks P2000 G3 MSA array systems have a default account, which makes it easier for remote attackers to perform administrative tasks via unspecified vectors, a different vulnerability than CVE-2011-4788...
CVE-2011-4788
Absolute path traversal vulnerability in the web interface on HP StorageWorks P2000 G3 MSA array systems allows remote attackers to read arbitrary files via a pathname in the URI...