Multiple Cross-Site Request Forgery (CSRF)

Moodle is vulnerable to multiple cross-site request forgery CSRF attacks. The attacks exist because mod/assign/locallib.php does not properly handle session checking in Assignment's quick-grading, allowing any authenticated user to perform the attacks...

Cross-site Request Forgery (CSRF)

Moodle is vulnerable to cross-site request forgery CSRF attacks. These attacks are possible because it does not have enough session checking in enrol/imsenterprise/importnow.php during import of IMS Enterprise identities. This can allow a malicious user to hijack administrator's authentication...

PT-2016-07: Unauthorized Access in Vesta Control Panel

The specialists of the Positive Research center have detected an Unauthorized Access vulnerability in Vesta Control Panel. Directory /web/filemanager/ contains scenarios which perform file manager operations in control panel. Scenario files.php lacks active user session checking that allows...

Moodle < 2.4 / 2.4.x < 2.4.10 / 2.5.x < 2.5.6 / 2.6.x < 2.6.3 Multiple Vulnerabilities

Binary data 8716.prm...

Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities

No description provided by source. +---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author : Ivano...

Updated moodle packages fix multiple vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users CVE-2014-0213. In Moodle before 2.6.3, MoodleMobile web service...

MGASA-2014-0230 Updated moodle packages fix multiple vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users CVE-2014-0213. In Moodle before 2.6.3, MoodleMobile web service...

MGASA-2014-0053 Updated moodle package fixes security vulnerabilities

Updated moodle package fixes security vulnerabilities: In Moodle before 2.4.8, some password changes on admin pages were being recorded and shown to administrators in the config log report CVE-2014-0008. In Moodle before 2.4.8, users were able to log in as a user who in a is not in the same group...

Drupal CMS version 7.12 suffers from multiple cross site request forgery vulnerabilities

No description provided by source. Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author : Ivano Binetti http://ivanobinetti.com Software link : http://drupal.org/download Vendor site : http://drupal.org Version : 7.12 and lower Tested on : Debian...

Drupal CMS 7.12 (latest stable release) Multiple Vulnerabilities

Exploit for php platform in category web applications +---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date :...

Drupal 7.12 - Multiple Vulnerabilities

Drupal 7.12 - Multiple Vulnerabilities +---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author :...

Drupal CMS 7.12 Cross Site Request Forgery

+---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author : Ivano Binetti http://ivanobinetti.com...

Drupal 7.12 - Multiple Vulnerabilities

+---------------------------------------------------------------------------------------------------------------------------------------------------+ Exploit Title : Drupal CMS 7.12 latest stable release Multiple Vulnerabilities Date : 02-03-2012 Author : Ivano Binetti http://ivanobinetti.com...

CMS from Scratch &lt;= 1.1.3 (fckeditor) Remote Shell Upload Exploit

No description provided by source. ?php / ----------------------------------------------------------------- CMS from Scratch = 1.1.3 fckeditor Remote Shell Upload Exploit ----------------------------------------------------------------- author...: EgiX mail.....: n0b0d13satgmaildotcom link.1.:...

Web Wiz Rich Text Editor 4.0 - Multiple Vulnerabilities

WwW.BugReport.ir AmnPardaz Security Research Team Title: Web Wiz Rich Text EditorTM Vendor: http://www.webwizguide.com/ Bug: Directory traversal + HTM/HTML file creation on the server Vulnerable Version: 4.0 Exploit: Available Fix Available: No! Fast Solution is available. - Description: Web Wiz...