72 matches found
CVE-2011-4584
CVE-2011-4584 affects Moodle: MNET authentication in Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, and 2.1.x prior to 2.1.3 permits remote authenticated users to impersonate other accounts via the Login As feature when combined with remote MNET SSO (demonstrated by a Mahara site). Debian/Op...
CVE-2011-4588
The ipinrange function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request...
CVE-2011-4584
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...
CVE-2011-4588
CVE-2011-4588 affects Moodle 1.9.x prior to 1.9.15. The ip_in_range function in mnet/lib.php (MNET) uses an incorrect data type, enabling remote attackers to bypass IP address restrictions via an XMLRPC request. Connected sources confirm Moodle/MNET context and version window; Debian/OpenVAS advi...
PT-2012-1916 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.14 Moodle versions 2.0.x through 2.0.5 Moodle versions 2.1.x through 2.1.2 Description: The MNET authentication functionality allows remote authenticated users to impersonate other user accounts by using the...
PT-2012-1920 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.14 Description: The issue concerns the ip in range function in mnet/lib.php, which incorrectly handles data types. This allows remote attackers to bypass intended IP address restrictions by sending an XMLRPC...
CVE-2011-4302
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...
CVE-2011-4302
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...
Input validation
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...
CVE-2011-4302
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...
CVE-2011-4302
Moodle vulnerability CVE-2011-4302 affects MNET in Moodle: 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2. The issue is improper processing of the return value from openssl_verify in mnet/xmlrpc/client.php, allowing remote attackers to bypass certificate validation with a crafted...
PT-2012-1850 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.13 Moodle versions 2.0.x through 2.0.4 Moodle versions 2.1.x through 2.1.1 Description: The issue arises from improper processing of the return value of the openssl verify function in mnet/xmlrpc/client.php...
Debian: Security Advisory (DSA-2421-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 2334-1 (mahara)
The remote host is missing an update to mahara announced via advisory DSA 2334-1. OpenVAS Vulnerability Test $Id: deb23341.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2334-1 mahara Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...
CVE-2011-4118
Mahara before 1.4.1, when MNet aka the Moodle network feature is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target...
CVE-2011-4118
Mahara before 1.4.1, when MNet aka the Moodle network feature is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target...
CVE-2011-4118
CVE-2011-4118 affects Mahara before 1.4.1 when using MNet (the Moodle network feature). An authenticated remote user can escalate privileges by jumping to an XMLRPC target, enabling partial confidentiality/integrity/availability impact per the CVSS vector. The public materials indicate the fix is...
Debian DSA-2338-1 : moodle - several vulnerabilities
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0020 Continue links in error messages can lead offsite - MSA-11-0024 reCAPTCHA images were being authenticated from an older server - MSA-11-0025 Gro...
DSA-2338-1 moodle - several
Bulletin has no description...
Debian DSA-2334-1 : mahara - several vulnerabilities
Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder : - CVE-2011-2771 Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting. - CVE-2011-2772 Richard Mansfield discovered that insufficient upload...