8 matches found
CVE-2013-4522
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy...
Design/Logic Flaw
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy...
CVE-2013-4522
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy...
CVE-2012-4407
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file...
CVE-2012-4407
lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file...
CVE-2012-4407
CVE-2012-4407 affects Moodle: information disclosure in lib/filelib.php where Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files. This allows remote attackers to read a blog entry that references a non-public file and ...
CVE-2012-3390
CVE-2012-3390 affects Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4. The issue is that lib/filelib.php does not properly restrict file access after a block has been hidden, allowing remote authenticated users to read a file embedded in a block and obtain sensitive information. The description ...
CVE-2012-2364
CVE-2012-2364 describes an XSS vulnerability in Moodle’s lib/filelib.php that affects Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3. Remote authenticated users can inject arbitrary script/HTML via an assignment submission with ZIP compression, leading to text/html renderin...