|
290421
|
- |
|
moodle
|
moodle
|
course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4408
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290422
|
- |
|
moodle
|
moodle
|
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive…
|
CWE-200
Information Exposure
|
CVE-2012-4407
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290423
|
- |
|
moodle
|
moodle
|
theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a r…
|
CWE-200
Information Exposure
|
CVE-2012-4403
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290424
|
- |
|
moodle
|
moodle
|
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run ar…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4402
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290425
|
- |
|
moodle
|
moodle
|
Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabiliti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4401
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290426
|
- |
|
moodle
|
moodle
|
repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4400
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290427
|
- |
|
freedesktop
gtk
|
spice-gtk
libgio
|
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS env…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4425
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290428
|
- |
|
openstack
|
keystone
|
OpenStack Keystone 2012.1.3 does not invalidate existing tokens when granting or revoking roles, which allows remote authenticated users to retain the privileges of the revoked roles.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4413
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290429
|
- |
|
ghostscript
argyllcms
color
|
ghostscript
cms
icclib
|
Multiple integer underflows in the icmLut_allocate function in International Color Consortium (ICC) Format library (icclib), as used in Ghostscript 9.06 and Argyll Color Management System, allow remo…
|
CWE-189
Numeric Errors
|
CVE-2012-4405
|
2024-11-21 10:42 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290430
|
- |
|
mike_carr
|
flogr
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary par…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4336
|
2024-11-21 10:42 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
