|
294021
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2360
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294022
|
- |
|
moodle
|
moodle
|
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying the…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2359
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294023
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2358
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294024
|
- |
|
moodle
|
moodle
|
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allo…
|
CWE-200
Information Exposure
|
CVE-2012-2357
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294025
|
- |
|
moodle
|
moodle
|
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2356
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294026
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2355
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294027
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2354
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294028
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled u…
|
CWE-200
Information Exposure
|
CVE-2012-2353
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294029
|
- |
|
florian_weber
|
spaces
|
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2303
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294030
|
- |
|
rubygems
|
mail_gem
|
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
|
CWE-20
Improper Input Validation
|
CVE-2012-2140
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
