|
278331
|
- |
|
moodle
|
moodle
|
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via craft…
|
CWE-79
Cross-site Scripting
|
CVE-2015-0216
|
2024-11-21 11:22 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278332
|
- |
|
moodle
|
moodle
|
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a…
|
CWE-200
Information Exposure
|
CVE-2015-0215
|
2024-11-21 11:22 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278333
|
- |
|
moodle
|
moodle
|
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-serv…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-0214
|
2024-11-21 11:22 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278334
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4…
|
CWE-352
Origin Validation Error
|
CVE-2015-0213
|
2024-11-21 11:22 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278335
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2015-0212
|
2024-11-21 11:22 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278336
|
- |
|
moodle
|
moodle
|
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities befo…
|
CWE-200
Information Exposure
|
CVE-2015-0211
|
2024-11-21 11:22 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278337
|
- |
|
ibm
|
business_process_manager
websphere
|
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x throu…
|
CWE-79
Cross-site Scripting
|
CVE-2015-0193
|
2024-11-21 11:22 |
2015-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278338
|
- |
|
ibm
|
rational_requirements_composer
rational_doors_next_generation
|
IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through 4.0.7 and Rational DOORS Next Generation (RDNG) 4.0 through 4.0.7 and 5.0 through 5.0.2, when LTPA single sign on is used with W…
|
NVD-CWE-Other
|
CVE-2015-0121
|
2024-11-21 11:22 |
2015-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278339
|
- |
|
ibm
|
websphere_commerce
|
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2015-0200
|
2024-11-21 11:22 |
2015-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278340
|
- |
|
ibm
|
infosphere_information_server
|
The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified v…
|
CWE-284
Improper Access Control
|
CVE-2015-0180
|
2024-11-21 11:22 |
2015-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
