Weekly Vulnerabilities Reports > June 1 to 7, 2015
Overview
72 new vulnerabilities were reported during this period, including 4 critical vulnerabilities and 8 high severity vulnerabilities. This weekly summary reports vulnerabilities in 72 products from 30 vendors including Moodle, Cisco, SAP, IBM, and XEN. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Information Exposure", "Cross-site Scripting", "Improper Input Validation", and "Resource Management Errors".
- 64 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 19 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 43 reported vulnerabilities are exploitable by an anonymous user.
- Moodle has the most reported vulnerabilities, with 24 reported vulnerabilities.
- Novell has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
4 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-06-07 | CVE-2010-5324 | Novell | Path Traversal vulnerability in Novell Zenworks Configuration Management 10.0/10.1/10.2 Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted directory name in the type parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323. | 10.0 |
2015-06-07 | CVE-2010-5323 | Novell | Path Traversal vulnerability in Novell Zenworks Configuration Management 10.0/10.1/10.2 Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter in conjunction with WAR content in the POST data, a different vulnerability than CVE-2010-5324. | 10.0 |
2015-06-02 | CVE-2015-0850 | Fusionforge | Improper Input Validation vulnerability in Fusionforge 6.0 The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. | 10.0 |
2015-06-07 | CVE-2015-4001 | Linux | Numeric Errors vulnerability in Linux Kernel Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. | 9.0 |
8 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-06-03 | CVE-2015-4104 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. | 7.8 |
2015-06-02 | CVE-2015-4161 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Afaria SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown vectors, SAP Security Note 2155690. | 7.5 |
2015-06-02 | CVE-2015-4160 | SAP | SQL Injection vulnerability in SAP ASE Database Platform SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | 7.5 |
2015-06-02 | CVE-2015-4159 | SAP | SQL Injection vulnerability in SAP Hana Web-Based Development Workbench SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | 7.5 |
2015-06-02 | CVE-2015-2282 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | 7.5 |
2015-06-07 | CVE-2015-0767 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Edge 340 Firmware 1.0.0/1.1.0 Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. | 7.2 |
2015-06-05 | CVE-2015-2124 | HP | Local Security vulnerability in HP Smart Zero Core and Thinpro Linux Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors. | 7.2 |
2015-06-04 | CVE-2015-0761 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Anyconnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790. | 7.2 |
49 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-06-05 | CVE-2015-3950 | Xzeres | Cross-Site Request Forgery (CSRF) vulnerability in Xzeres 442Sr OS Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that select a different default admin user via a GET request. | 6.8 |
2015-06-05 | CVE-2015-1000 | Moxa | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Moxa Softcms 1.2 Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. | 6.8 |
2015-06-05 | CVE-2015-0541 | RSA | Cross-Site Request Forgery (CSRF) vulnerability in RSA web Threat Detection Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-06-02 | CVE-2015-0759 | Cisco | Improper Input Validation vulnerability in Cisco Headend Digital Broadband Delivery System Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-06-01 | CVE-2015-2268 | Moodle | Resource Management Errors vulnerability in Moodle filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. | 6.8 |
2015-06-01 | CVE-2015-0218 | Moodle | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. | 6.8 |
2015-06-01 | CVE-2015-0217 | Moodle | Resource Management Errors vulnerability in Moodle filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. | 6.8 |
2015-06-01 | CVE-2015-0213 | Moodle | Cross-Site Request Forgery (CSRF) vulnerability in Moodle Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims. | 6.8 |
2015-06-03 | CVE-2015-4038 | Wpmembership | Permissions, Privileges, and Access Controls vulnerability in Wpmembership 1.2.3 The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. | 6.5 |
2015-06-02 | CVE-2015-1945 | IBM | Remote Privilege Escalation vulnerability in IBM InfoSphere Reference Data Management Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. | 6.5 |
2015-06-05 | CVE-2015-2950 | Open Explorer Beta Project | Path Traversal vulnerability in Open Explorer Beta Project Open Explorer Beta 0.253 Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | 6.4 |
2015-06-05 | CVE-2014-9201 | Beckwithelectric | Improper Input Validation vulnerability in Beckwithelectric products Beckwith Electric M-6200 Digital Voltage Regulator Control with firmware before D-0198V04.07.00, M-6200A Digital Voltage Regulator Control with firmware before D-0228V02.01.07, M-2001D Digital Tapchanger Control with firmware before D-0214V01.10.04, M-6283A Three Phase Digital Capacitor Bank Control with firmware before D-0346V03.00.02, M-6280A Digital Capacitor Bank Control with firmware before D-0254V03.05.05, and M-6280 Digital Capacitor Bank Control do not properly generate TCP initial sequence number (ISN) values, which makes it easier for remote attackers to spoof TCP sessions by predicting an ISN value. | 6.4 |
2015-06-02 | CVE-2015-4094 | Thycotic | Improper Certificate Validation vulnerability in Thycotic Secret Server 2.3 The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.8 |
2015-06-01 | CVE-2015-3175 | Moodle | Unspecified vulnerability in Moodle Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header. | 5.8 |
2015-06-07 | CVE-2015-0770 | Cisco | Improper Input Validation vulnerability in Cisco Telepresence TC Software CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. | 5.0 |
2015-06-05 | CVE-2015-2951 | F21 | Improper Input Validation vulnerability in F21 JWT JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. | 5.0 |
2015-06-04 | CVE-2015-0765 | Cisco | Resource Management Errors vulnerability in Cisco ONS 15454 System Software 10.30/10.301 Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263. | 5.0 |
2015-06-04 | CVE-2015-0764 | Cisco | Information Exposure vulnerability in Cisco Unified Meetingplace 8.6(1.9) Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. | 5.0 |
2015-06-04 | CVE-2015-0763 | Cisco | Information Exposure vulnerability in Cisco Unified Meetingplace 8.6(1.2) Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | 5.0 |
2015-06-02 | CVE-2015-4158 | SAP | Denial of Service vulnerability in SAP products SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | 5.0 |
2015-06-02 | CVE-2015-4157 | SAP | Denial of Service vulnerability in SAP Content Server SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | 5.0 |
2015-06-02 | CVE-2015-3982 | Djangoproject | Unspecified vulnerability in Djangoproject Django 1.8.0/1.8.1 The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key. | 5.0 |
2015-06-02 | CVE-2015-2278 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP products The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to look-ups of non-simple codes, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. | 5.0 |
2015-06-02 | CVE-2014-0999 | Sendio | Information Exposure vulnerability in Sendio 7.2.3 Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header. | 5.0 |
2015-06-03 | CVE-2015-4105 | XEN | Resource Management Errors vulnerability in XEN Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operations. | 4.9 |
2015-06-03 | CVE-2015-4103 | XEN | Permissions, Privileges, and Access Controls vulnerability in XEN Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. | 4.9 |
2015-06-03 | CVE-2015-4106 | Qemu Debian Fedoraproject Suse Citrix Canonical | Incorrect Authorization vulnerability in multiple products QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host crash), obtain sensitive information, or possibly have other unspecified impact via unknown vectors. | 4.6 |
2015-06-04 | CVE-2015-0766 | Cisco | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.0 Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. | 4.3 |
2015-06-04 | CVE-2015-0762 | Cisco | Cross-site Scripting vulnerability in Cisco Unified Meetingplace 8.6(1.2)/8.6(1.9) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. | 4.3 |
2015-06-03 | CVE-2014-9721 | Zeromq | Improper Input Validation vulnerability in Zeromq libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | 4.3 |
2015-06-02 | CVE-2015-4050 | Sensiolabs | Improper Access Control vulnerability in Sensiolabs Symfony FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if the _controller attribute is set, which allows remote attackers to bypass URL signing and security rules by including (1) no hash or (2) an invalid hash in a request to /_fragment. | 4.3 |
2015-06-01 | CVE-2015-3176 | Moodle | Information Exposure vulnerability in Moodle The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register. | 4.3 |
2015-06-01 | CVE-2015-2270 | Moodle | Code vulnerability in Moodle lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4, when the theme uses the blocks-regions feature, establishes the course state at an incorrect point in the login-validation process, which allows remote attackers to obtain sensitive course information via unspecified vectors. | 4.3 |
2015-06-07 | CVE-2015-2125 | HP | XXE vulnerability in HP Webinspect Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors. | 4.0 |
2015-06-07 | CVE-2015-0112 | IBM | XML External Entity Injection vulnerability in Multiple IBM Products Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3.0 through 3.0.1.6, 4.0 through 4.0.7, and 5.0 through 5.0.2; Rational Team Concert (RTC) 2.0 through 2.0.0.2, 3.x before 3.0.1.6 IF6, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Requirements Composer (RRC) 2.0 through 2.0.0.4, 3.x before 3.0.1.6 IF6, and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF5 and 5.x before 5.0.2 IF4; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2; and Rational Software Architect Design Manager (RSA DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 4.0 |
2015-06-07 | CVE-2014-8887 | IBM | Improper Input Validation vulnerability in IBM Marketing Operations IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to upload arbitrary GIFAR files, and consequently modify data, via unspecified vectors. | 4.0 |
2015-06-07 | CVE-2014-6222 | IBM | Path Traversal vulnerability in IBM Marketing Operations Directory traversal vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to read arbitrary files via a .. | 4.0 |
2015-06-04 | CVE-2015-0760 | Cisco | Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. | 4.0 |
2015-06-02 | CVE-2015-4162 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Pan-Os XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive information via crafted XML data. | 4.0 |
2015-06-02 | CVE-2014-8391 | Sendio | Information Exposure vulnerability in Sendio 7.2.3 The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests. | 4.0 |
2015-06-01 | CVE-2015-3181 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked. | 4.0 |
2015-06-01 | CVE-2015-3180 | Moodle | Information Exposure vulnerability in Moodle lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. | 4.0 |
2015-06-01 | CVE-2015-2272 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token. | 4.0 |
2015-06-01 | CVE-2015-2271 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as inappropriate" feature. | 4.0 |
2015-06-01 | CVE-2015-2267 | Moodle | Improper Access Control vulnerability in Moodle mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. | 4.0 |
2015-06-01 | CVE-2015-2266 | Moodle | Information Exposure vulnerability in Moodle message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL. | 4.0 |
2015-06-01 | CVE-2015-0215 | Moodle | Information Exposure vulnerability in Moodle calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. | 4.0 |
2015-06-01 | CVE-2015-0214 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request. | 4.0 |
2015-06-01 | CVE-2015-0211 | Moodle | Information Exposure vulnerability in Moodle mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service. | 4.0 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-06-02 | CVE-2015-4156 | Opensuse GNU | Link Following vulnerability in multiple products GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file. | 3.6 |
2015-06-02 | CVE-2015-4155 | GNU | Link Following vulnerability in GNU Parallel GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file. | 3.6 |
2015-06-07 | CVE-2014-6175 | IBM | Cross-site Scripting vulnerability in IBM Marketing Operations Cross-site scripting (XSS) vulnerability in IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before 8.6.0.8, 9.0.x before 9.0.0.4.1, 9.1.0.x before 9.1.0.5, and 9.1.1.x before 9.1.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2015-06-01 | CVE-2015-3179 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account. | 3.5 |
2015-06-01 | CVE-2015-3178 | Moodle | Cross-site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services. | 3.5 |
2015-06-01 | CVE-2015-3177 | Moodle | Code vulnerability in Moodle Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sensitive information via a subscription request. | 3.5 |
2015-06-01 | CVE-2015-3174 | Moodle | Cross-site Scripting vulnerability in Moodle mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading. | 3.5 |
2015-06-01 | CVE-2015-2273 | Moodle | Cross-site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response. | 3.5 |
2015-06-01 | CVE-2015-2269 | Moodle | Cross-site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element. | 3.5 |
2015-06-01 | CVE-2015-0216 | Moodle | Cross-site Scripting vulnerability in Moodle 2.8.0/2.8.1 access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. | 3.5 |
2015-06-01 | CVE-2015-0212 | Moodle | Cross-site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary. | 3.5 |