Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mod security mod security 1.7.1 vulnerabilities and exploits
(subscribe to this query)
685
VMScore
CVE-2007-1359
Interpretation conflict in ModSecurity (mod_security) 2.1.0 and previous versions allows remote malicious users to bypass request rules via application/x-www-form-urlencoded POST data that contains an ASCIIZ (0x00) byte, which mod_security treats as a terminator even though it is...
Mod Security Mod Security 1.7.4
Mod Security Mod Security 1.7.5
Mod Security Mod Security 1.7.1
Mod Security Mod Security 1.7.2
Mod Security Mod Security 1.9.4
Mod Security Mod Security 2.1
Mod Security Mod Security 1.7
1 EDB exploit
668
VMScore
CVE-2003-1171
Heap-based buffer overflow in the sec_filter_out function in mod_security 1.7RC1 up to and including 1.7.1 in Apache 2 allows remote malicious users to execute arbitrary code via a server side script that sends a large amount of data.
Mod Security Mod Security 1.7
Mod Security Mod Security 1.7.1
605
VMScore
CVE-2010-2231
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 allows remote malicious users to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attempt...
Moodle Moodle 1.8.8
Moodle Moodle 1.8.7
Moodle Moodle 1.6.5
Moodle Moodle 1.6.4
Moodle Moodle 1.5
Moodle Moodle 1.5.1
Moodle Moodle 1.4.5
Moodle Moodle 1.4.4
Moodle Moodle 1.1.1
Moodle Moodle
Moodle Moodle 1.8.11
Moodle Moodle 1.8.4
Moodle Moodle 1.8.3
Moodle Moodle 1.7.6
Moodle Moodle 1.7.4
Moodle Moodle 1.6.7
Moodle Moodle 1.6.0
Moodle Moodle 1.5.0
Moodle Moodle 1.4.1
Moodle Moodle 1.3.0
Moodle Moodle 1.3.3
Moodle Moodle 1.3.2
383
VMScore
CVE-2010-2228
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 allows remote malicious users to inject arbitrary web script or HTML via vectors involving extended characters in a username.
Moodle Moodle 1.1.1
Moodle Moodle 1.2.0
Moodle Moodle 1.4.1
Moodle Moodle 1.4.2
Moodle Moodle 1.5.3
Moodle Moodle 1.5.0
Moodle Moodle 1.6.7
Moodle Moodle 1.6.8
Moodle Moodle 1.2.1
Moodle Moodle 1.3.0
Moodle Moodle 1.4.3
Moodle Moodle 1.4.4
Moodle Moodle 1.6.0
Moodle Moodle 1.6.1
Moodle Moodle 1.7.1
Moodle Moodle 1.8.1
Moodle Moodle 1.8.2
Moodle Moodle 1.8.9
Moodle Moodle 1.8.10
Moodle Moodle 1.3.1
Moodle Moodle 1.3.2
Moodle Moodle 1.4.5
383
VMScore
CVE-2010-2229
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 allow remote malicious users to inject arbitrary web script or HTML via unspecified parameters.
Moodle Moodle 1.8.7
Moodle Moodle 1.8.6
Moodle Moodle 1.7.3
Moodle Moodle 1.6.4
Moodle Moodle 1.6.6
Moodle Moodle 1.5.1
Moodle Moodle 1.5.2
Moodle Moodle 1.4.4
Moodle Moodle 1.3.4
Moodle Moodle 1.8.9
Moodle Moodle 1.8.8
Moodle Moodle 1.8.1
Moodle Moodle 1.6.3
Moodle Moodle 1.6.5
Moodle Moodle 1.6.2
Moodle Moodle 1.5
Moodle Moodle 1.4.2
Moodle Moodle 1.4.5
Moodle Moodle 1.2.0
Moodle Moodle 1.1.1
Moodle Moodle
Moodle Moodle 1.8.5
356
VMScore
CVE-2010-2230
The KSES text cleaning filter in lib/weblib.php in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
Moodle Moodle 1.8.9
Moodle Moodle 1.8.8
Moodle Moodle 1.6.3
Moodle Moodle 1.6.5
Moodle Moodle 1.6.2
Moodle Moodle 1.5
Moodle Moodle 1.5.1
Moodle Moodle 1.4.5
Moodle Moodle 1.4.4
Moodle Moodle 1.2.0
Moodle Moodle 1.1.1
Moodle Moodle
Moodle Moodle 1.8.4
Moodle Moodle 1.8.3
Moodle Moodle 1.7.6
Moodle Moodle 1.7.4
Moodle Moodle 1.6.8
Moodle Moodle 1.6.7
Moodle Moodle 1.5.0
Moodle Moodle 1.4.1
Moodle Moodle 1.3.0
Moodle Moodle 1.3.3
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started