VYPR

Moodle

by Moodle

CVEs (570)

  • CVE-2011-4304 | Jul 11, 2012
    risk 0.00 | cvss | epss 0.02

    The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.

  • CVE-2011-4303 | Jul 11, 2012
    risk 0.00 | cvss | epss 0.01

    lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature.

  • CVE-2011-4302 | Jul 11, 2012
    risk 0.00 | cvss | epss 0.01

    mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.

  • CVE-2011-4301 | Jul 11, 2012
    risk 0.00 | cvss | epss 0.02

    The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the…

  • CVE-2011-4300 | Jul 11, 2012
    risk 0.00 | cvss | epss 0.02

    The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.

  • CVE-2011-4299 | Jul 11, 2012
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment.

  • CVE-2011-4298 | Jul 11, 2012
    risk 0.00 | cvss | epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data.

  • CVE-2011-4203 | Dec 22, 2011
    risk 0.00 | cvss | epss 0.01

    CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving…

  • CVE-2011-3757 | Sep 23, 2011
    risk 0.00 | cvss | epss 0.01

    Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files.

  • CVE-2010-2231 | Jun 28, 2010
    risk 0.00 | cvss | epss 0.01

    Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid…

  • CVE-2010-2230 | Jun 28, 2010
    risk 0.00 | cvss | epss 0.02

    The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.

  • CVE-2010-2229 | Jun 28, 2010
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2010-2228 | Jun 28, 2010
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

  • CVE-2010-1619 | Apr 29, 2010
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML…

  • CVE-2010-1618 | Apr 29, 2010
    risk 0.00 | cvss | epss 0.02

    Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

  • CVE-2010-1617 | Apr 29, 2010
    risk 0.00 | cvss | epss 0.02

    user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page.

  • CVE-2010-1616 | Apr 29, 2010
    risk 0.00 | cvss | epss 0.01

    Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability.

  • CVE-2010-1615 | Apr 29, 2010
    risk 0.00 | cvss | epss 0.02

    Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms…

  • CVE-2010-1614 | Apr 29, 2010
    risk 0.00 | cvss | epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified…

  • CVE-2010-1613 | Apr 29, 2010
    risk 0.00 | cvss | epss 0.02

    Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks.
