|
297321
|
- |
|
moodle
|
moodle
|
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5480
|
2024-11-21 10:44 |
2012-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297322
|
- |
|
moodle
|
moodle
|
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5479
|
2024-11-21 10:44 |
2012-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297323
|
- |
|
moodle
|
moodle
|
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an ad…
|
CWE-200
Information Exposure
|
CVE-2012-5473
|
2024-11-21 10:44 |
2012-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297324
|
- |
|
moodle
|
moodle
|
lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5472
|
2024-11-21 10:44 |
2012-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297325
|
- |
|
moodle
|
moodle
|
The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5471
|
2024-11-21 10:44 |
2012-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297326
|
- |
|
firebirdsql
|
firebird
|
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL …
|
CWE-399
Resource Management Errors
|
CVE-2012-5529
|
2024-11-21 10:44 |
2012-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297327
|
- |
|
apple
|
cups
|
CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local use…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5519
|
2024-11-21 10:44 |
2012-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297328
|
- |
|
asial
|
monaca_debugger
|
The Asial Monaca Debugger application before 1.4.2 for Android allows remote attackers to obtain sensitive (1) account or (2) session ID information in a system log file via a crafted application.
|
CWE-200
Information Exposure
|
CVE-2012-5172
|
2024-11-21 10:44 |
2012-11-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297329
|
- |
|
mantisbt
|
mantisbt
|
core/email_api.php in MantisBT before 1.2.12 does not properly manage the sending of e-mail notifications about restricted bugs, which might allow remote authenticated users to obtain sensitive infor…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5523
|
2024-11-21 10:44 |
2012-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297330
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.12 does not use an expected default value during decisions about whether a user may modify the status of a bug, which allows remote authenticated users to bypass intended access r…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5522
|
2024-11-21 10:44 |
2012-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
