VYPR

Moodle

by Moodle

CVEs (570)

  • CVE-2011-4584 - Jul 20, 2012
    risk 0.00 cvss epss 0.02

    The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as…

  • CVE-2011-4583 - Jul 20, 2012
    risk 0.00 cvss epss 0.01

    Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.

  • CVE-2011-4582 - Jul 20, 2012
    risk 0.00 cvss epss 0.01

    Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

  • CVE-2011-4581 - Jul 20, 2012
    risk 0.00 cvss epss 0.01

    mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.

  • CVE-2012-0801 - Jul 17, 2012
    risk 0.00 cvss epss 0.01

    lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.

  • CVE-2012-0800 - Jul 17, 2012
    risk 0.00 cvss epss 0.00

    The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups…

  • CVE-2012-0799 - Jul 17, 2012
    risk 0.00 cvss epss 0.01

    Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.

  • CVE-2012-0798 - Jul 17, 2012
    risk 0.00 cvss epss 0.01

    The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.

  • CVE-2012-0797 - Jul 17, 2012
    risk 0.00 cvss epss 0.01

    The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.

  • CVE-2012-0796 - Jul 17, 2012
    risk 0.00 cvss epss 0.02

    class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From:…

  • CVE-2012-0795 - Jul 17, 2012
    risk 0.00 cvss epss 0.02

    Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address.

  • CVE-2012-0794 - Jul 17, 2012
    risk 0.00 cvss epss 0.01

    The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading…

  • CVE-2012-0793 - Jul 17, 2012
    risk 0.00 cvss epss 0.02

    Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.

  • CVE-2012-0792 - Jul 17, 2012
    risk 0.00 cvss epss 0.01

    mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.

  • CVE-2011-4297 - Jul 16, 2012
    risk 0.00 cvss epss 0.02

    comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.

  • CVE-2011-4296 - Jul 16, 2012
    risk 0.00 cvss epss 0.01

    lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role.

  • CVE-2011-4295 - Jul 16, 2012
    risk 0.00 cvss epss 0.01

    The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment.

  • CVE-2011-4294 - Jul 16, 2012
    risk 0.00 cvss epss 0.02

    The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web…

  • CVE-2011-4293 - Jul 16, 2012
    risk 0.00 cvss epss 0.02

    The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary…

  • CVE-2011-4292 - Jul 16, 2012
    risk 0.00 cvss epss 0.02

    Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
