Lucene search
K

72 matches found

cve
cve
added 2012/07/20 10:0 a.m.55 views

CVE-2011-4584

CVE-2011-4584 affects Moodle: MNET authentication in Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, and 2.1.x prior to 2.1.3 permits remote authenticated users to impersonate other accounts via the Login As feature when combined with remote MNET SSO (demonstrated by a Mahara site). Debian/Op...

4CVSS6.3AI score0.01727EPSS
Exploits0References4Affected Software1
cvelist
cvelist
added 2012/07/20 10:0 a.m.25 views

CVE-2011-4588

The ipinrange function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request...

6.3AI score0.02149EPSS
Exploits0References4
cvelist
cvelist
added 2012/07/20 10:0 a.m.23 views

CVE-2011-4584

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...

6.2AI score0.01727EPSS
Exploits0References4
cve
cve
added 2012/07/20 10:0 a.m.53 views

CVE-2011-4588

CVE-2011-4588 affects Moodle 1.9.x prior to 1.9.15. The ip_in_range function in mnet/lib.php (MNET) uses an incorrect data type, enabling remote attackers to bypass IP address restrictions via an XMLRPC request. Connected sources confirm Moodle/MNET context and version window; Debian/OpenVAS advi...

5CVSS6.5AI score0.02149EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2012/07/20 12:0 a.m.5 views

PT-2012-1916 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.14 Moodle versions 2.0.x through 2.0.5 Moodle versions 2.1.x through 2.1.2 Description: The MNET authentication functionality allows remote authenticated users to impersonate other user accounts by using the...

4CVSS6.2AI score0.01727EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2012/07/20 12:0 a.m.4 views

PT-2012-1920 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.14 Description: The issue concerns the ip in range function in mnet/lib.php, which incorrectly handles data types. This allows remote attackers to bypass intended IP address restrictions by sending an XMLRPC...

5CVSS6.4AI score0.02149EPSS
Exploits0References6
nvd
nvd
added 2012/07/11 10:26 a.m.25 views

CVE-2011-4302

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...

6.8CVSS6.5AI score0.01284EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2012/07/11 10:26 a.m.31 views

CVE-2011-4302

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...

6.8CVSS5.9AI score0.01284EPSS
Exploits0References1
prion
prion
added 2012/07/11 10:26 a.m.18 views

Input validation

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...

6.8CVSS7AI score0.01284EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2012/07/11 10:0 a.m.22 views

CVE-2011-4302

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the opensslverify function, which allows remote attackers to bypass validation via a crafted certificate...

6.4AI score0.01284EPSS
Exploits0References3
cve
cve
added 2012/07/11 10:0 a.m.60 views

CVE-2011-4302

Moodle vulnerability CVE-2011-4302 affects MNET in Moodle: 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2. The issue is improper processing of the return value from openssl_verify in mnet/xmlrpc/client.php, allowing remote attackers to bypass certificate validation with a crafted...

6.8CVSS6.6AI score0.01284EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2012/07/11 12:0 a.m.4 views

PT-2012-1850 · Moodle · Moodle

Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.13 Moodle versions 2.0.x through 2.0.4 Moodle versions 2.1.x through 2.1.1 Description: The issue arises from improper processing of the return value of the openssl verify function in mnet/xmlrpc/client.php...

6.8CVSS6.4AI score0.01284EPSS
Exploits0References5
openvas
openvas
added 2012/03/12 12:0 a.m.27 views

Debian: Security Advisory (DSA-2421-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.4AI score0.02149EPSS
Exploits0References3
openvas
openvas
added 2012/02/11 12:0 a.m.37 views

Debian Security Advisory DSA 2334-1 (mahara)

The remote host is missing an update to mahara announced via advisory DSA 2334-1. OpenVAS Vulnerability Test $Id: deb23341.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2334-1 mahara Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

6.8CVSS0.1AI score0.02271EPSS
Exploits1
nvd
nvd
added 2011/11/15 3:57 a.m.22 views

CVE-2011-4118

Mahara before 1.4.1, when MNet aka the Moodle network feature is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target...

6CVSS6.5AI score0.01774EPSS
Exploits0References8
cvelist
cvelist
added 2011/11/15 2:0 a.m.26 views

CVE-2011-4118

Mahara before 1.4.1, when MNet aka the Moodle network feature is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target...

6.4AI score0.01774EPSS
Exploits0References8
cve
cve
added 2011/11/15 2:0 a.m.60 views

CVE-2011-4118

CVE-2011-4118 affects Mahara before 1.4.1 when using MNet (the Moodle network feature). An authenticated remote user can escalate privileges by jumping to an XMLRPC target, enabling partial confidentiality/integrity/availability impact per the CVSS vector. The public materials indicate the fix is...

6CVSS6.7AI score0.01774EPSS
Exploits0References8Affected Software1
nessus
nessus
added 2011/11/08 12:0 a.m.13 views

Debian DSA-2338-1 : moodle - several vulnerabilities

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0020 Continue links in error messages can lead offsite - MSA-11-0024 reCAPTCHA images were being authenticated from an older server - MSA-11-0025 Gro...

5AI score
Exploits0References8
osv
osv
added 2011/11/07 12:0 a.m.46 views

DSA-2338-1 moodle - several

Bulletin has no description...

6.8CVSS6AI score0.02102EPSS
Exploits0
nessus
nessus
added 2011/11/07 12:0 a.m.34 views

Debian DSA-2334-1 : mahara - several vulnerabilities

Several vulnerabilities were discovered in Mahara, an electronic portfolio, weblog, and resume builder : - CVE-2011-2771 Teemu Vesala discovered that missing input sanitising of RSS feeds could lead to cross-site scripting. - CVE-2011-2772 Richard Mansfield discovered that insufficient upload...

6.8CVSS5.2AI score0.02271EPSS
Exploits1References8
Rows per page
Query Builder