Filtered by vendor Moodle
Subscriptions
Total
550 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2012-2367 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | ||||
CVE-2012-2366 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. | ||||
CVE-2012-2365 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. | ||||
CVE-2012-2364 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. | ||||
CVE-2012-2363 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | ||||
CVE-2012-2362 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. | ||||
CVE-2012-2361 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. | ||||
CVE-2012-2360 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. | ||||
CVE-2012-2359 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. | ||||
CVE-2012-2358 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | ||||
CVE-2012-2357 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | ||||
CVE-2012-2356 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | ||||
CVE-2012-2355 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | ||||
CVE-2012-2354 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | ||||
CVE-2012-2353 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A |
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. | ||||
CVE-2012-1170 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 7.5 High |
Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough | ||||
CVE-2012-1169 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.3 Medium |
Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. | ||||
CVE-2012-1168 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 8.2 High |
Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. | ||||
CVE-2012-1161 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 4.3 Medium |
Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results | ||||
CVE-2012-1160 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 2.7 Low |
Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php |