CVE-2016-8643 (moodle)
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
Source: CVE-2016-8643 (moodle)
CVE-2016-8644 (moodle)
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
Source: CVE-2016-8644 (moodle)
CVE-2017-2576 (moodle)
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
Source: CVE-2017-2576 (moodle)
CVE-2016-10143 (tikiwiki_cms/groupware)
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
CVE-2017-5541 (symphony_cms)
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
Source: CVE-2017-5541 (symphony_cms)
CVE-2017-5543 (subrion_cms)
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
Source: CVE-2017-5543 (subrion_cms)
CVE-2016-5012 (moodle)
In Moodle 3.x, glossary search displays entries without checking user permissions to view them.
Source: CVE-2016-5012 (moodle)
CVE-2017-2578 (moodle)
In Moodle 3.x, there is XSS in the assignment submission page.
Source: CVE-2017-2578 (moodle)
CVE-2017-5542 (symphony_cms)
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
Source: CVE-2017-5542 (symphony_cms)
CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
Source: CVE-2016-5013