Total
494 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2232 | 1 Moodle | 1 Moodle | 2020-12-01 | 7.5 HIGH | N/A |
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. | |||||
CVE-2004-1978 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. | |||||
CVE-2004-1711 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. | |||||
CVE-2004-1425 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter. | |||||
CVE-2004-1424 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
CVE-2012-2367 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | |||||
CVE-2012-2366 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.5 MEDIUM | N/A |
mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. | |||||
CVE-2012-2365 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. | |||||
CVE-2012-2363 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | |||||
CVE-2012-2361 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. | |||||
CVE-2012-2360 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. | |||||
CVE-2012-2358 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.5 MEDIUM | N/A |
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | |||||
CVE-2012-2356 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | |||||
CVE-2012-2355 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | |||||
CVE-2012-2353 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. | |||||
CVE-2012-0798 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.5 MEDIUM | N/A |
The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | |||||
CVE-2012-0795 | 1 Moodle | 1 Moodle | 2020-12-01 | 6.5 MEDIUM | N/A |
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | |||||
CVE-2012-3391 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum. | |||||
CVE-2012-3392 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.5 MEDIUM | N/A |
mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. | |||||
CVE-2012-3393 | 1 Moodle | 1 Moodle | 2020-12-01 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. |