18 matches found
SUSE CVE-2009-4305
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file CourseTitle."...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
CVE-2010-1613
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks...
CVE-2010-1618
Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
CVE-2010-1619
Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...
CVE-2010-1617
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page...
CVE-2010-1614
Multiple cross-site scripting XSS vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the Login-As feature or 2 when the global search feature is enabled, unspecified global search forms in the...
CVE-2010-1619
CVE-2010-1619 affects Moodle’s KSES HTML text cleaning library (weblib.php) via the fix_non_standard_entities function. The vulnerability allows remote XSS by crafting HTML entities and is reported in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8. Related advisories describe multiple link...
CVE-2010-1619
Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...
Design/Logic Flaw
The LAMS module mod/lams for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the 1 username, 2 firstname, and 3 lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors...
CVE-2009-4299
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors...
CVE-2009-4302
login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...
Design/Logic Flaw
login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...
CVE-2009-4299
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors...
CVE-2009-4302
login/indexform.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these...
CVE-2009-4297
Multiple cross-site request forgery CSRF vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Design/Logic Flaw
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors...
CVE-2009-4305
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file CourseTitle."...