| Page(s) : [1] 2 | Result(s) : 35 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| 2.1 | 2014-11-24 | CVE-2014-7835 | cve | webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated us... |
| 2.1 | 2014-11-24 | CVE-2014-8991 | cve | pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user. |
| 3.5 | 2014-11-24 | CVE-2014-7830 | cve | Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before ... |
| 3.5 | 2014-11-24 | CVE-2014-8349 | cve | Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML v... |
| 3.5 | 2014-11-24 | CVE-2014-8986 | cve | Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows r... |
| 4 | 2014-11-24 | CVE-2014-7831 | cve | lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authen... |
| 4 | 2014-11-24 | CVE-2014-7832 | cve | mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather ... |
| 4 | 2014-11-24 | CVE-2014-7833 | cve | mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which al... |
| 4 | 2014-11-24 | CVE-2014-7834 | cve | mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via th... |
| 4 | 2014-11-24 | CVE-2014-7846 | cve | tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding ... |
| 4 | 2014-11-24 | CVE-2014-7821 | cve | OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the ... |
| 4 | 2014-11-24 | CVE-2014-8988 | cve | MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for ... |
| 4.3 | 2014-11-24 | CVE-2014-9059 | cve | lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow re... |
| 4.3 | 2014-11-24 | CVE-2012-6662 | cve | Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject... |
| 4.6 | 2014-11-24 | CVE-2014-7817 | cve | The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstra... |
| 5 | 2014-11-24 | CVE-2014-7847 | cve | iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consum... |
| 5 | 2014-11-24 | CVE-2014-7848 | cve | lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the ful... |
| 5 | 2014-11-24 | CVE-2014-9060 | cve | The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which all... |
| 5 | 2014-11-24 | CVE-2014-8412 | cve | The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager Interface (AMI) in Asterisk Open Source 1.8.x before 1.8.32.1, 11.x before 11.14.1, 12.x before 12.7.1, and 13.... |
| 5 | 2014-11-24 | CVE-2014-8414 | cve | ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 before 11.6-cert8 does not properly handle state changes, which allows remote attackers to cause a denial ... |
| Page(s) : [1] 2 | Result(s) : 35 |
