In Moodle 3.2.x, global search displays user names for unauthenticated users.
Monthly Archives: March 2017
CVE-2017-2641
In Moodle 2.x and 3.x, SQL injection can occur via user preferences.
CVE-2017-2645
In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.
CVE-2017-2644
In Moodle 3.x, XSS can occur via evidence of prior learning.
Parcel Delivery Booking Script 1.0 SQL Injection
Parcel Delivery Booking Script version 1.0 suffers from a remote SQL injection vulnerability.
Microsoft Visual Studio 2015 Update 3 Denial Of Service
Microsoft Visual Studio 2015 update 3 suffers from a denial of service vulnerability.
Trend Micro Control Manager Widget importFile.php Directory Traversal
A directory traversal vulnerability has been reported in Trend Micro Control Manager. This vulnerability is caused by improper sanitization of directory traversal characters by importFile.php. A remote, unauthenticated attacker could exploit this vulnerability by uploading arbitrary files onto the vulnerable server.
Tour Package Booking 1.0 SQL Injection
Tour Package Booking version 1.0 suffers from a remote SQL injection vulnerability.
CVE-2017-7263
The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted BMP image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-8698.
CVE-2017-7266
Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout functionality accepted the “next” parameter, which then redirected to any domain irrespective of the Host header.