Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-4402 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.9 MEDIUM | N/A |
| webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service. | |||||
| CVE-2012-3397 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. | |||||
| CVE-2012-3388 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record. | |||||
| CVE-2009-4301 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.0 MEDIUM | N/A |
| mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | |||||
| CVE-2009-4299 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
| mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | |||||
| CVE-2012-0798 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.5 MEDIUM | N/A |
| The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | |||||
| CVE-2012-2355 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | |||||
| CVE-2011-4308 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | |||||
| CVE-2012-2358 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.5 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | |||||
| CVE-2010-1617 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. | |||||
| CVE-2012-3391 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum. | |||||
| CVE-2012-2367 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | |||||
| CVE-2012-2356 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | |||||
| CVE-2011-4289 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. | |||||
| CVE-2011-4293 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.4 MEDIUM | N/A |
| The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors. | |||||
| CVE-2011-4297 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.4 MEDIUM | N/A |
| comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity. | |||||
| CVE-2011-4285 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.5 MEDIUM | N/A |
| The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role. | |||||
| CVE-2011-4589 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.5 MEDIUM | N/A |
| backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | |||||
| CVE-2011-4583 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.5 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | |||||
| CVE-2011-4287 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A |
| admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user. | |||||