|
293271
|
- |
|
moodle
|
moodle
|
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allo…
|
CWE-200
Information Exposure
|
CVE-2012-2357
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293272
|
- |
|
moodle
|
moodle
|
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2356
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293273
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2355
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293274
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2354
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293275
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled u…
|
CWE-200
Information Exposure
|
CVE-2012-2353
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293276
|
- |
|
florian_weber
|
spaces
|
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2303
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293277
|
- |
|
rubygems
|
mail_gem
|
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
|
CWE-20
Improper Input Validation
|
CVE-2012-2140
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293278
|
- |
|
rubygems
|
mail_gem
|
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the…
|
CWE-22
Path Traversal
|
CVE-2012-2139
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293279
|
- |
|
mozilla
|
firefox
thunderbird
thunderbird_esr
seamonkey
|
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript …
|
NVD-CWE-Other
|
CVE-2012-1967
|
2024-11-21 10:38 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293280
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cro…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1966
|
2024-11-21 10:38 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
