Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Moodle Subscribe
Total 495 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-1171 1 Moodle 1 Moodle 2020-12-01 4.3 MEDIUM N/A
The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file.
CVE-2009-0502 2 Moodle, Snoopy 2 Moodle, Snoopy 2020-12-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.
CVE-2009-0501 1 Moodle 1 Moodle 2020-12-01 5.0 MEDIUM N/A
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors.
CVE-2009-0500 1 Moodle 1 Moodle 2020-12-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
CVE-2009-0499 1 Moodle 1 Moodle 2020-12-01 6.4 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.
CVE-2008-5432 1 Moodle 1 Moodle 2020-12-01 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
CVE-2008-3326 1 Moodle 1 Moodle 2020-12-01 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
CVE-2006-4943 1 Moodle 1 Moodle 2020-12-01 5.0 MEDIUM N/A
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2006-4942 1 Moodle 1 Moodle 2020-12-01 4.6 MEDIUM N/A
Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) tex filters, allows remote authenticated users to write LaTeX or MimeTeX output files to the top level of the dataroot directory via (a) filter/algebra/pix.php or (b) filter/tex/pix.php.
CVE-2006-4941 1 Moodle 1 Moodle 2020-12-01 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
CVE-2006-4940 1 Moodle 1 Moodle 2020-12-01 5.0 MEDIUM N/A
login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action.
CVE-2006-4939 1 Moodle 1 Moodle 2020-12-01 5.0 MEDIUM N/A
backup/backup_scheduled.php in Moodle before 1.6.2 generates trace data with the full backup pathname even when debugging is disabled, which might allow attackers to obtain the pathname.
CVE-2006-4938 1 Moodle 1 Moodle 2020-12-01 4.0 MEDIUM N/A
help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message.
CVE-2011-4283 1 Moodle 1 Moodle 2020-12-01 5.0 MEDIUM N/A
Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.
CVE-2006-4936 1 Moodle 1 Moodle 2020-12-01 10.0 HIGH N/A
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
CVE-2006-4935 1 Moodle 1 Moodle 2020-12-01 10.0 HIGH N/A
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
CVE-2005-2247 1 Moodle 1 Moodle 2020-12-01 10.0 HIGH N/A
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
CVE-2004-2237 1 Moodle 1 Moodle 2020-12-01 10.0 HIGH N/A
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
CVE-2004-0725 1 Moodle 1 Moodle 2020-12-01 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2004-2236 1 Moodle 1 Moodle 2020-12-01 10.0 HIGH N/A
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.