|
282691
|
- |
|
moodle
|
moodle
|
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussion…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7834
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282692
|
- |
|
moodle
|
moodle
|
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authentica…
|
CWE-200
Information Exposure
|
CVE-2014-7833
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282693
|
- |
|
moodle
|
moodle
|
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7832
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282694
|
- |
|
moodle
|
moodle
|
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtai…
|
CWE-200
Information Exposure
|
CVE-2014-7831
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282695
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote au…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7830
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282696
|
- |
|
ruby-lang
|
ruby
|
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption)…
|
NVD-CWE-Other
|
CVE-2014-8090
|
2024-11-21 11:18 |
2014-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282697
|
- |
|
open-xchange
|
open-xchange_appsuite
|
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API c…
|
CWE-89
SQL Injection
|
CVE-2014-7871
|
2024-11-21 11:18 |
2014-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282698
|
- |
|
cisco
|
unified_communications_manager_im_and_presence_service
|
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enum…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8000
|
2024-11-21 11:18 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282699
|
- |
|
freeipa
|
freeipa
|
FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is enabled, allows remote attackers to bypass the password requirement of the two-factor authentication leveraging an enabled OTP token, wh…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7828
|
2024-11-21 11:18 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282700
|
- |
|
google
|
chrome
|
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2014-7910
|
2024-11-21 11:18 |
2014-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
