9 matches found
GHSA-8RC7-4QFV-4484 Moodle does not properly restrict file access
The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...
Moodle does not properly restrict file access
The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...
Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery
!-- CSRF PoC OpenWebN...
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting input type="hidden" name="password2" value="newpass123" /...
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting
input type="submit" value="Submit requ...
Legrand BTicino Driver Manager F454 1.0.51 Authenticated Stored XSS Exploit
Summary Audio/video web server for the remote control of the system using web pages or the MY HOME portal. The device can operate as a gateway for the use of the MHVisual and Virtual Configurator software - 6 DIN modules. It replaces item F453 and F453AV. Description The application suffers from ...
Information Disclosure
Moodle is vulnerable to information disclosure. The vulnerability exists because the blockhtmlpluginfile function in blocks/html/lib.php does not properly check file access linked to HTML blocks on the My Home Page...
Hardcoded credentials
The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...
CVE-2014-0216
The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...