|
272411
|
8.1 |
HIGH
Network
|
apache
canonical
debian
|
tomcat
ubuntu_linux
debian_linux
|
Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam…
|
NVD-CWE-Other
|
CVE-2015-5346
|
2024-11-21 11:32 |
2016-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272412
|
5.3 |
MEDIUM
Network
|
debian
apache
canonical
|
debian_linux
tomcat
ubuntu_linux
|
The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a…
|
CWE-22
Path Traversal
|
CVE-2015-5345
|
2024-11-21 11:32 |
2016-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272413
|
4.3 |
MEDIUM
Network
|
debian
apache
canonical
|
debian_linux
tomcat
ubuntu_linux
|
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager…
|
CWE-22
Path Traversal
|
CVE-2015-5174
|
2024-11-21 11:32 |
2016-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272414
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5342
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272415
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access re…
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2015-5341
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272416
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sen…
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2015-5340
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272417
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-base…
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2015-5339
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272418
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hij…
|
CWE-352
Origin Validation Error
|
CVE-2015-5338
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272419
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site s…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5337
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272420
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to …
|
CWE-79
Cross-site Scripting
|
CVE-2015-5336
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
