|
291201
|
- |
|
moodle
|
moodle
|
SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands …
|
CWE-89
SQL Injection
|
CVE-2012-3395
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291202
|
- |
|
moodle
|
moodle
|
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows r…
|
CWE-200
Information Exposure
|
CVE-2012-3394
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291203
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3393
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291204
|
- |
|
moodle
|
moodle
|
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription re…
|
CWE-16
Configuration
|
CVE-2012-3392
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291205
|
- |
|
moodle
|
moodle
|
mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3391
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291206
|
- |
|
moodle
|
moodle
|
lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3390
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291207
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-3389
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291208
|
- |
|
moodle
|
moodle
|
The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3388
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291209
|
- |
|
moodle
|
moodle
|
Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrict…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3387
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291210
|
- |
|
symantec
|
web_gateway
|
The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to change arbitrary passwords via crafted input to an application script.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2977
|
2024-11-21 10:40 |
2012-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
