|
301041
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.
|
CWE-200
Information Exposure
|
CVE-2012-0799
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301042
|
- |
|
moodle
|
moodle
|
The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0798
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301043
|
- |
|
moodle
|
moodle
|
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a…
|
CWE-16
Configuration
|
CVE-2012-0797
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301044
|
- |
|
moodle
|
moodle
|
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated use…
|
CWE-94
Code Injection
|
CVE-2012-0796
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301045
|
- |
|
moodle
|
moodle
|
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified im…
|
CWE-20
Improper Input Validation
|
CVE-2012-0795
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301046
|
- |
|
moodle
|
moodle
|
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easi…
|
CWE-255
Credentials Management
|
CVE-2012-0794
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301047
|
- |
|
moodle
|
moodle
|
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0793
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301048
|
- |
|
moodle
|
moodle
|
mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.
|
CWE-200
Information Exposure
|
CVE-2012-0792
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301049
|
9.8 |
CRITICAL
Network
|
tiki
|
tikiwiki_cms\/groupware
|
TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote attackers to execute arbitrary PHP code via a crafted serialized object in the (1) cookieName to lib/banners/bannerlib.php; (2) prin…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2012-0911
|
2024-11-21 10:35 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301050
|
- |
|
libexpat_project
python
debian
canonical
oracle
redhat
|
libexpat
python
debian_linux
ubuntu_linux
solaris
enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_workstation
enterprise_linux_desktop
storage
enter…
|
The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a deni…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2012-0876
|
2024-11-21 10:35 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
