Filtered by vendor Moodle
Subscribe
Total
533 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4583 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.5 MEDIUM | N/A |
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | |||||
CVE-2011-4582 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.9 MEDIUM | N/A |
Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | |||||
CVE-2011-4581 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | N/A |
mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | |||||
CVE-2011-4309 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | N/A |
Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. | |||||
CVE-2011-4308 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | N/A |
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | |||||
CVE-2011-4307 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | |||||
CVE-2011-4306 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data. | |||||
CVE-2011-4305 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | N/A |
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing. | |||||
CVE-2011-4304 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | N/A |
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation. | |||||
CVE-2011-4303 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | N/A |
lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended access restrictions by leveraging the hubs feature. | |||||
CVE-2011-4302 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.8 MEDIUM | N/A |
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate. | |||||
CVE-2011-4301 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | N/A |
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields. | |||||
CVE-2011-4300 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.0 MEDIUM | N/A |
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file. | |||||
CVE-2011-4299 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment. | |||||
CVE-2011-4298 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. | |||||
CVE-2011-4297 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.4 MEDIUM | N/A |
comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity. | |||||
CVE-2011-4296 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.5 MEDIUM | N/A |
lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. | |||||
CVE-2011-4295 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.5 MEDIUM | N/A |
The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. | |||||
CVE-2011-4294 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.8 MEDIUM | N/A |
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors. | |||||
CVE-2011-4293 | 1 Moodle | 1 Moodle | 2024-11-21 | 6.4 MEDIUM | N/A |
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors. |