| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results |
| Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php |
| Moodle before 2.2.2: Overview report allows users to see hidden courses |
| Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export |
| Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default |
| Moodle before 2.2.2 has users' private files included in course backups |
| Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to |
| SQL injection vulnerability in search.php in phxEventManager 2.0 beta 5 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. |
| A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php. |
| A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action. and the filteruid parameter to list.php. |
| mwlib 0.13 through 0.13.4 has a denial of service vulnerability when parsing #iferror magic functions |
| An Information Disclosure vulnerability exists in the Jasig Project php-pear-CAS 1.2.2 package in the /tmp directory. The Central Authentication Service client library archives the debug logging file in an insecure manner. |
| A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed. |
| It was discovered that the XML::Atom Perl module before version 0.39 did not disable external entities when parsing XML from potentially untrusted sources. This may allow attackers to gain read access to otherwise protected resources, depending on how the library is used. |
| systemd 37-1 does not properly handle non-existent services, which causes a denial of service (failure of login procedure). |
| NetworkManager 0.9 and earlier allows local users to use other users' certificates or private keys when making a connection via the file path when adding a new connection. |
| JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostname in the same way, which can cause the excluded-contexts list to be mismatched and the root context to be exposed. |
| The init script in the Debian x11-common package before 1:7.6+12 is vulnerable to a symlink attack that can lead to a privilege escalation during package installation. |
| Multiple cross-site scripting (XSS) vulnerabilities in Chyrp before 2.1.2 and before 2.5 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) content parameter to includes/ajax.php or (2) body parameter to includes/error.php. |
| A vulnerability classified as problematic has been found in Halulu simple-download-button-shortcode Plugin 1.0 on WordPress. Affected is an unknown function of the file simple-download-button_dl.php of the component Download Handler. The manipulation of the argument file leads to information disclosure. It is possible to launch the attack remotely. Upgrading to version 1.1 is able to address this issue. The patch is identified as e648a8706818297cf02a665ae0bae1c069dea5f1. It is recommended to upgrade the affected component. VDB-242190 is the identifier assigned to this vulnerability. |
