|
296221
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2358
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296222
|
- |
|
moodle
|
moodle
|
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allo…
|
CWE-200
Information Exposure
|
CVE-2012-2357
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296223
|
- |
|
moodle
|
moodle
|
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2356
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296224
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2355
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296225
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2354
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296226
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled u…
|
CWE-200
Information Exposure
|
CVE-2012-2353
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296227
|
- |
|
florian_weber
|
spaces
|
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2303
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296228
|
- |
|
rubygems
|
mail_gem
|
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
|
CWE-20
Improper Input Validation
|
CVE-2012-2140
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296229
|
- |
|
rubygems
|
mail_gem
|
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the…
|
CWE-22
Path Traversal
|
CVE-2012-2139
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296230
|
- |
|
mozilla
|
firefox
thunderbird
thunderbird_esr
seamonkey
|
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript …
|
NVD-CWE-Other
|
CVE-2012-1967
|
2024-11-21 10:38 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
