|
295011
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2355
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295012
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2354
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295013
|
- |
|
moodle
|
moodle
|
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled u…
|
CWE-200
Information Exposure
|
CVE-2012-2353
|
2024-11-21 10:38 |
2012-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295014
|
- |
|
florian_weber
|
spaces
|
The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2303
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295015
|
- |
|
rubygems
|
mail_gem
|
The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery.
|
CWE-20
Improper Input Validation
|
CVE-2012-2140
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295016
|
- |
|
rubygems
|
mail_gem
|
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the…
|
CWE-22
Path Traversal
|
CVE-2012-2139
|
2024-11-21 10:38 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295017
|
- |
|
mozilla
|
firefox
thunderbird
thunderbird_esr
seamonkey
|
Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript …
|
NVD-CWE-Other
|
CVE-2012-1967
|
2024-11-21 10:38 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295018
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cro…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1966
|
2024-11-21 10:38 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295019
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1965
|
2024-11-21 10:38 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295020
|
- |
|
mozilla
|
firefox
thunderbird
thunderbird_esr
seamonkey
|
The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, T…
|
NVD-CWE-noinfo
|
CVE-2012-1964
|
2024-11-21 10:38 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
