Filtered by vendor Moodle
Filtered by product Moodle
Total: 529 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-1617 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. | ||||
CVE-2010-1614 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. | ||||
CVE-2010-1613 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | ||||
CVE-2010-1616 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. | ||||
CVE-2010-1615 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. | ||||
CVE-2010-1618 | 2 Ja-sig, Moodle | 2 Phpcas Client Library, Moodle | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. | ||||
CVE-2010-1619 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities. | ||||
CVE-2011-4593 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface. | ||||
CVE-2011-4588 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request. | ||||
CVE-2011-4587 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. | ||||
CVE-2011-4584 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. | ||||
CVE-2011-4592 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality. | ||||
CVE-2011-4591 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states. | ||||
CVE-2011-4590 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | ||||
CVE-2011-4586 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
CVE-2011-4585 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network. | ||||
CVE-2011-4582 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | ||||
CVE-2011-4583 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | ||||
CVE-2011-4581 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | ||||
CVE-2011-4589 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. |