|
286081
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack …
|
CWE-352
Origin Validation Error
|
CVE-2014-7836
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286082
|
- |
|
moodle
|
moodle
|
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files co…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7835
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286083
|
- |
|
moodle
|
moodle
|
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussion…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7834
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286084
|
- |
|
moodle
|
moodle
|
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authentica…
|
CWE-200
Information Exposure
|
CVE-2014-7833
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286085
|
- |
|
moodle
|
moodle
|
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7832
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286086
|
- |
|
moodle
|
moodle
|
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtai…
|
CWE-200
Information Exposure
|
CVE-2014-7831
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286087
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote au…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7830
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286088
|
- |
|
ruby-lang
|
ruby
|
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption)…
|
NVD-CWE-Other
|
CVE-2014-8090
|
2024-11-21 11:18 |
2014-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286089
|
- |
|
open-xchange
|
open-xchange_appsuite
|
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API c…
|
CWE-89
SQL Injection
|
CVE-2014-7871
|
2024-11-21 11:18 |
2014-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286090
|
- |
|
cisco
|
unified_communications_manager_im_and_presence_service
|
Cisco Unified Communications Manager IM and Presence Service 9.1(1) produces different returned messages for URL requests depending on whether a username exists, which allows remote attackers to enum…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8000
|
2024-11-21 11:18 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
