|
290361
|
- |
|
moodle
|
moodle
|
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.ph…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3546
|
2024-11-21 11:08 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290362
|
- |
|
moodle
|
moodle
|
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a q…
|
CWE-94
Code Injection
|
CVE-2014-3545
|
2024-11-21 11:08 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290363
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated …
|
CWE-79
Cross-site Scripting
|
CVE-2014-3544
|
2024-11-21 11:08 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290364
|
- |
|
moodle
|
moodle
|
mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via a package with…
|
CWE-200
Information Exposure
|
CVE-2014-3543
|
2024-11-21 11:08 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290365
|
- |
|
moodle
|
moodle
|
mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external e…
|
CWE-200
Information Exposure
|
CVE-2014-3542
|
2024-11-21 11:08 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290366
|
- |
|
moodle
|
moodle
|
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attack…
|
CWE-94
Code Injection
|
CVE-2014-3541
|
2024-11-21 11:08 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290367
|
- |
|
openstack
|
neutron
|
OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to cause a denial of service (crash or long firewall rule updates) by creating a la…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3555
|
2024-11-21 11:08 |
2014-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290368
|
- |
|
apple
canonical
fedoraproject
|
cups
ubuntu_linux
fedora
|
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
|
CWE-59
Link Following
|
CVE-2014-3537
|
2024-11-21 11:08 |
2014-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290369
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references…
|
CWE-200
Information Exposure
|
CVE-2014-3530
|
2024-11-21 11:08 |
2014-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290370
|
- |
|
redhat
|
jboss_enterprise_portal_platform
jboss_enterprise_brms_platform
jboss_enterprise_application_platform
jboss_enterprise_soa_platform
|
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platfor…
|
CWE-94
Code Injection
|
CVE-2014-3518
|
2024-11-21 11:08 |
2014-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
