|
286751
|
- |
|
moodle
|
moodle
|
enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name an…
|
CWE-200
Information Exposure
|
CVE-2014-0217
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286752
|
- |
|
moodle
|
moodle
|
The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly res…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0216
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286753
|
- |
|
moodle
|
moodle
|
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) …
|
CWE-200
Information Exposure
|
CVE-2014-0215
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286754
|
- |
|
moodle
|
moodle
|
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for…
|
CWE-287
Improper Authentication
|
CVE-2014-0214
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286755
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2…
|
CWE-352
Origin Validation Error
|
CVE-2014-0213
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286756
|
- |
|
pocoo
|
jinja2
|
FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create temporary directories, which allows local users to gain privileges by pre-creating a temporary directory with a user's uid. NOTE: thi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0012
|
2024-11-21 11:01 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286757
|
- |
|
canonical
x
|
ubuntu_linux
libxfont
|
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to…
|
CWE-189
Numeric Errors
|
CVE-2014-0211
|
2024-11-21 11:01 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286758
|
- |
|
x
canonical
|
libxfont
ubuntu_linux
|
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_set…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0210
|
2024-11-21 11:01 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286759
|
- |
|
x
canonical
|
libxfont
ubuntu_linux
|
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a di…
|
CWE-189
Numeric Errors
|
CVE-2014-0209
|
2024-11-21 11:01 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286760
|
- |
|
redhat
|
cloudforms_3.0_management_engine
|
SQL injection vulnerability in the saved_report_delete action in the ReportController in Red Hat CloudForms Management Engine (CFME) before 5.2.3.2 allows remote authenticated users to execute arbitr…
|
CWE-89
SQL Injection
|
CVE-2014-0137
|
2024-11-21 11:01 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
