Filtered by vendor Moodle
Filtered by product Moodle
Total: 529 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2011-4292 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations. | ||||
CVE-2011-4287 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user. | ||||
CVE-2011-4305 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing. | ||||
CVE-2011-4308 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | ||||
CVE-2011-4289 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. | ||||
CVE-2011-4291 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations. | ||||
CVE-2011-4282 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter. | ||||
CVE-2011-4278 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
CVE-2011-4293 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors. | ||||
CVE-2011-4284 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page. | ||||
CVE-2011-4133 | 1 Moodle | 1 Moodle | 2024-08-07 | N/A |
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. | ||||
CVE-2012-6112 | 2 Moodle, Tinymce | 2 Moodle, Spellchecker Php | 2024-08-06 | N/A |
classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. | ||||
CVE-2012-6100 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. | ||||
CVE-2012-6098 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. | ||||
CVE-2012-6087 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value. | ||||
CVE-2012-5480 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. | ||||
CVE-2012-5472 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. | ||||
CVE-2012-5481 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. | ||||
CVE-2012-5479 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. | ||||
CVE-2012-5471 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. |