Filtered by vendor Moodle
Subscriptions
Total
620 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4581 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface. | ||||
| CVE-2012-2355 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | ||||
| CVE-2011-4307 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter. | ||||
| CVE-2012-2354 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | ||||
| CVE-2010-1617 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. | ||||
| CVE-2013-2246 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. | ||||
| CVE-2011-4306 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data. | ||||
| CVE-2011-4305 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshing. | ||||
| CVE-2013-1836 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access. | ||||
| CVE-2011-4304 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation. | ||||
| CVE-2011-4301 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields. | ||||
| CVE-2012-4408 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation. | ||||
| CVE-2011-4298 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data. | ||||
| CVE-2011-4297 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity. | ||||
| CVE-2011-4295 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. | ||||
| CVE-2011-4294 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors. | ||||
| CVE-2010-1616 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. | ||||
| CVE-2012-6087 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| repository/s3/S3.php in the Amazon S3 library in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, related to an incorrect CURLOPT_SSL_VERIFYHOST value. | ||||
| CVE-2011-4289 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. | ||||
| CVE-2011-4287 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user. | ||||