Total
494 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2012-2357 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | |||||
CVE-2011-4290 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding. | |||||
CVE-2011-4309 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. | |||||
CVE-2011-4300 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. | |||||
CVE-2011-4301 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields. | |||||
CVE-2011-4288 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.0 MEDIUM | N/A |
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role. | |||||
CVE-2012-0800 | 1 Moodle | 1 Moodle | 2023-02-12 | 2.1 LOW | N/A |
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | |||||
CVE-2012-0796 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.0 MEDIUM | N/A |
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header. | |||||
CVE-2012-0794 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | |||||
CVE-2011-4588 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request. | |||||
CVE-2011-4591 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states. | |||||
CVE-2011-4581 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.0 MEDIUM | N/A |
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | |||||
CVE-2011-4296 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.5 MEDIUM | N/A |
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | |||||
CVE-2011-4592 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality. | |||||
CVE-2011-4587 | 1 Moodle | 1 Moodle | 2023-02-12 | 6.8 MEDIUM | N/A |
lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. | |||||
CVE-2011-4306 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data. | |||||
CVE-2011-4307 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | |||||
CVE-2011-4586 | 1 Moodle | 1 Moodle | 2023-02-12 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
CVE-2011-4303 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.3 MEDIUM | N/A |
lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. | |||||
CVE-2011-4593 | 1 Moodle | 1 Moodle | 2023-02-12 | 4.0 MEDIUM | N/A |
Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface. |