Search CVE reports

A Security Bypass vulnerability exists in the phpCAS 1.2.2 library from the jasig project due to the way proxying of services are managed.

The $smarty.template variable in Smarty3 allows attackers to possibly execute arbitrary PHP code via the sysplugins/smarty_internal_compile_private_special_variable.php file.

Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough Versions 2.2 to 2.2.1+ affected.

Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+ affected.

Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+ affected.

Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+ affected.

Moodle before 2.2.2: Overview report allows users to see hidden courses Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+ affected.

Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+ are affected.

Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+ are affected.

Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. Versions 2.2 to 2.2.1+, 2.1 to 2.1.4+, 2.0 to 2.0.7+ affected.