|
290941
|
- |
|
moodle
|
moodle
|
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0129
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290942
|
- |
|
moodle
|
moodle
|
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Al…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0125
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290943
|
- |
|
moodle
|
moodle
|
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers t…
|
CWE-352
Origin Validation Error
|
CVE-2014-0126
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290944
|
- |
|
moodle
|
moodle
|
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properl…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0124
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290945
|
- |
|
moodle
|
moodle
|
mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which al…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0122
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290946
|
- |
|
moodle
|
moodle
|
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0123
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290947
|
- |
|
apache
|
camel
|
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0003
|
2024-11-21 11:01 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290948
|
- |
|
apache
|
camel
|
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0002
|
2024-11-21 11:01 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290949
|
- |
|
fedoraproject
|
389_directory_server
|
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SAS…
|
CWE-287
Improper Authentication
|
CVE-2014-0132
|
2024-11-21 11:01 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290950
|
- |
|
redhat
|
cloudforms
cloudforms_3.0_management_engine
|
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unsp…
|
CWE-94
Code Injection
|
CVE-2014-0057
|
2024-11-21 11:01 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
