|
286621
|
- |
|
canonical
debian
gnu
opensuse
|
ubuntu_linux
debian_linux
glibc
opensuse
|
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containin…
|
CWE-20
Improper Input Validation
|
CVE-2014-7817
|
2024-11-21 11:18 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286622
|
- |
|
moodle
|
moodle
|
lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error mes…
|
CWE-200
Information Exposure
|
CVE-2014-7848
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286623
|
- |
|
moodle
|
moodle
|
iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering t…
|
CWE-399
Resource Management Errors
|
CVE-2014-7847
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286624
|
- |
|
moodle
|
moodle
|
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7846
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286625
|
- |
|
moodle
|
moodle
|
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which all…
|
CWE-255
Credentials Management
|
CVE-2014-7845
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286626
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijac…
|
CWE-352
Origin Validation Error
|
CVE-2014-7838
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286627
|
- |
|
moodle
|
moodle
|
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7837
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286628
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack …
|
CWE-352
Origin Validation Error
|
CVE-2014-7836
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286629
|
- |
|
moodle
|
moodle
|
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files co…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7835
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286630
|
- |
|
moodle
|
moodle
|
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussion…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7834
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
