Filtered by vendor Moodle
Subscriptions
Filtered by product Moodle
Subscriptions
Total
542 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-2272 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token. | ||||
CVE-2015-2266 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL. | ||||
CVE-2015-2268 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. | ||||
CVE-2015-2271 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as inappropriate" feature. | ||||
CVE-2015-2267 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. | ||||
CVE-2015-1493 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. | ||||
CVE-2015-0212 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary. | ||||
CVE-2015-0214 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request. | ||||
CVE-2015-0215 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. | ||||
CVE-2015-0211 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service. | ||||
CVE-2015-0218 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. | ||||
CVE-2015-0213 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims. | ||||
CVE-2015-0217 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. | ||||
CVE-2015-0216 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. | ||||
CVE-2016-9188 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters. | ||||
CVE-2016-9186 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | ||||
CVE-2016-9187 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors. | ||||
CVE-2016-8643 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services. | ||||
CVE-2016-8644 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context. | ||||
CVE-2016-8642 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available. |