6 matches found
CVE-2016-3734
Cross-site request forgery CSRF vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read...
CVE-2016-3734
Cross-site request forgery CSRF vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read...
CVE-2016-3734
Cross-site request forgery CSRF vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read...
CVE-2016-3734
Cross-site request forgery CSRF vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read...
CVE-2016-3734
The CVE-2016-3734 entry concerns a Cross-site Request Forgery in Moodle’s markposts.php. Affected versions include Moodle 3.0.x up to 3.0.3, 2.9.x up to 2.9.5, 2.8.x up to 2.8.11, and 2.7.x up to 2.7.13 and earlier. Under CSRF, remote attackers can hijack a logged-in user’s session to perform act...
FreeBSD : moodle -- multiple vulnerabilities (8656cf5f-4170-11e6-8dfe-002590263bf5)
Marina Glancy reports : - MSA-16-0013: Users are able to change profile fields that were locked by the administrator. - MSA-16-0015: Information disclosure of hidden forum names and sub-names. - MSA-16-0016: User can view badges of other users without proper permissions. - MSA-16-0017: Course...