11 matches found
EUVD-2022-3806
Malicious code in bioql PyPI...
GHSA-FMQ9-58Q4-XJW5 Moodle allows attackers to discover hidden course names
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
Moodle allows attackers to discover hidden course names
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
Course Name Disclosure
Moodle is vulnerable to course name disclosure. Authenticated attackers can leverage a flaw in admin/tool/monitor/lib.php to find hidden course names by subscribing to rules. These attacks are possible because moodle ignores the moodle/course:viewhiddencourses capability...
Moodle Information Disclosure Vulnerability (CNVD-2017-24413)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in the Course overview block of Moodle version 3.3. An...
CVE-2016-2154
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
CVE-2016-2154
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
CVE-2016-2154
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
Design/Logic Flaw
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule...
CVE-2016-2154
Moodle’s Event Monitor (admin/tool/monitor/lib.php) in versions 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not honor moodle/course:viewhiddencourses, allowing remote authenticated users to discover hidden course names by subscribing to a rule. Impact is partial confident...
MGASA-2016-0122 Updated moodle packages fix security vulnerability
In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list CVE-2016-2151. In Moodle before 2.8.11, Moodle traditionally trusted content from external DB, however it was decided that external datasources may not be aware of web...