Total
494 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4278 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2011-4203 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | |||||
CVE-2011-4286 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. | |||||
CVE-2011-4133 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. | |||||
CVE-2010-1619 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities. | |||||
CVE-2010-1618 | 2 Ja-sig, Moodle | 2 Phpcas Client Library, Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message. | |||||
CVE-2010-1617 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. | |||||
CVE-2010-1616 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. | |||||
CVE-2010-1615 | 1 Moodle | 1 Moodle | 2020-12-01 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. | |||||
CVE-2010-1614 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. | |||||
CVE-2010-1613 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A |
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | |||||
CVE-2009-4305 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." | |||||
CVE-2009-4304 | 1 Moodle | 1 Moodle | 2020-12-01 | 7.5 HIGH | N/A |
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | |||||
CVE-2009-4303 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. | |||||
CVE-2009-4302 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | |||||
CVE-2009-4301 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.0 MEDIUM | N/A |
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | |||||
CVE-2009-4300 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | |||||
CVE-2009-4299 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | |||||
CVE-2009-4298 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | |||||
CVE-2009-4297 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. |