Lucene search
K

9 matches found

OSV
OSV
added 2022/05/13 1:12 a.m.22 views

GHSA-8RC7-4QFV-4484 Moodle does not properly restrict file access

The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...

5CVSS5.5AI score0.02118EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/13 1:12 a.m.21 views

Moodle does not properly restrict file access

The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...

5CVSS6.5AI score0.02118EPSS
Exploits0References9Affected Software1
Packet Storm
Packet Storm
added 2019/05/15 12:0 a.m.151 views

Legrand BTicino Driver Manager F454 1.0.51 Cross Site Request Forgery

!-- CSRF PoC OpenWebN...

0.4AI score
Exploits0
exploitpack
exploitpack
added 2019/05/15 12:0 a.m.21 views

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting input type="hidden" name="password2" value="newpass123" /...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2019/05/15 12:0 a.m.210 views

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting

input type="submit" value="Submit requ...

7.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2019/05/15 12:0 a.m.89 views

Legrand BTicino Driver Manager F454 1.0.51 Authenticated Stored XSS Exploit

Summary Audio/video web server for the remote control of the system using web pages or the MY HOME portal. The device can operate as a gateway for the use of the MHVisual and Virtual Configurator software - 6 DIN modules. It replaces item F453 and F453AV. Description The application suffers from ...

5.3CVSS6.1AI score0.00216EPSS
Exploits2
Veracode
Veracode
added 2017/07/19 8:4 a.m.20 views

Information Disclosure

Moodle is vulnerable to information disclosure. The vulnerability exists because the blockhtmlpluginfile function in blocks/html/lib.php does not properly check file access linked to HTML blocks on the My Home Page...

5CVSS5.5AI score0.02118EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2014/05/27 12:55 a.m.15 views

Hardcoded credentials

The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...

5CVSS6.4AI score0.02118EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2014/05/27 12:0 a.m.27 views

CVE-2014-0216

The My Home implementation in the blockhtmlpluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML...

5.7AI score0.02118EPSS
Exploits0References3
Rows per page
Query Builder