|
296581
|
- |
|
oracle
|
sun_glassfish_enterprise_server
|
Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF.
|
NVD-CWE-noinfo
|
CVE-2011-4358
|
2024-11-21 10:32 |
2012-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296582
|
- |
|
moodle
|
moodle
|
comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4297
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296583
|
- |
|
moodle
|
moodle
|
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by le…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4296
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296584
|
- |
|
moodle
|
moodle
|
The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated use…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4295
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296585
|
- |
|
moodle
|
moodle
|
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle …
|
CWE-20
Improper Input Validation
|
CVE-2011-4294
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296586
|
- |
|
moodle
|
moodle
|
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4293
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296587
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
|
CWE-89
SQL Injection
|
CVE-2011-4292
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296588
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.
|
NVD-CWE-noinfo
|
CVE-2011-4291
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296589
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4290
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296590
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4289
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
