|
285831
|
- |
|
modwsgi
|
mod_wsgi
|
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain pri…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0240
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285832
|
- |
|
github
|
hub
|
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0177
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285833
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows re…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0218
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285834
|
- |
|
moodle
|
moodle
|
enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name an…
|
CWE-200
Information Exposure
|
CVE-2014-0217
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285835
|
- |
|
moodle
|
moodle
|
The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly res…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0216
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285836
|
- |
|
moodle
|
moodle
|
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) …
|
CWE-200
Information Exposure
|
CVE-2014-0215
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285837
|
- |
|
moodle
|
moodle
|
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for…
|
CWE-287
Improper Authentication
|
CVE-2014-0214
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285838
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2…
|
CWE-352
Origin Validation Error
|
CVE-2014-0213
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285839
|
- |
|
pocoo
|
jinja2
|
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: thi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0012
|
2024-11-21 11:01 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285840
|
- |
|
canonical
x
|
ubuntu_linux
libxfont
|
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to…
|
CWE-189
Numeric Errors
|
CVE-2014-0211
|
2024-11-21 11:01 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
