Lucene search
K

41 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2012-2354

Malware in sbrugna...

6.5CVSS6.1AI score0.01416EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2022/05/13 12:0 a.m.48 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

4.3CVSS6AI score0.01813EPSS
Exploits0References8Affected Software1
Prion
Prion
added 2013/01/27 10:55 p.m.23 views

Design/Logic Flaw

grade/edit/outcome/editform.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into...

4CVSS6.7AI score0.0111EPSS
Exploits0References3Affected Software1
0day.today
0day.today
added 2012/12/05 12:0 a.m.80 views

Moodle 1.9.14.2 Full Puth Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: Full Path Disclosure --- Moodle 1.9.x - 1.9.14.2 Date: 2012 / 11 / 30 Author: r00tc0d3rs WebSite: www.r00tc0d3rs.org Facebook: www.facebook.com/r00tc0d3rs Twitter: @r00tc0d3rs Version: Moodle 1.9.x - 1.9.14.2 Category:: WebApps...

7.1AI score
Exploits0
NVD
NVD
added 2012/07/21 3:38 a.m.18 views

CVE-2012-2362

Cross-site scripting XSS vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php...

2.6CVSS5.4AI score0.01174EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/07/21 3:38 a.m.19 views

CVE-2012-2363

SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event...

6.5CVSS6.2AI score0.01416EPSS
Exploits0References2
Prion
Prion
added 2012/07/21 3:38 a.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php...

2.6CVSS5.9AI score0.01174EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2012/07/21 1:0 a.m.22 views

CVE-2012-2362

Cross-site scripting XSS vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php...

5.3AI score0.01174EPSS
Exploits0References4
CVE
CVE
added 2012/07/21 1:0 a.m.53 views

CVE-2012-2363

CVE-2012-2363 affects Moodle 1.9.x prior to 1.9.18. The calendar implementation’s calendar/event.php is vulnerable to SQL injection via a crafted calendar event, allowing remote authenticated users to execute arbitrary SQL commands. The issue originates from unsanitized input used in SQL queries ...

6.5CVSS7.7AI score0.01416EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2012/07/20 10:40 a.m.18 views

CVE-2011-4585

login/changepassword.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network...

5CVSS6.3AI score0.02118EPSS
Exploits0References4
Prion
Prion
added 2012/07/20 10:40 a.m.18 views

Design/Logic Flaw

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable...

6.8CVSS7AI score0.02066EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2012/07/20 10:40 a.m.29 views

CVE-2011-4585

login/changepassword.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network...

5CVSS5.9AI score0.02118EPSS
Exploits0References1
Prion
Prion
added 2012/07/20 10:40 a.m.14 views

Design/Logic Flaw

login/changepassword.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network...

5CVSS7AI score0.02118EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2012/07/20 10:40 a.m.19 views

Design/Logic Flaw

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Maha...

4CVSS6.8AI score0.01727EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2012/07/17 10:20 a.m.27 views

CVE-2012-0796

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted 1 From: or 2 Sender: header...

4CVSS6AI score0.01677EPSS
Exploits0References4
NVD
NVD
added 2012/07/17 10:20 a.m.23 views

CVE-2012-0792

mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts...

4CVSS6.2AI score0.01118EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2012/07/17 10:20 a.m.27 views

CVE-2012-0796

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted 1 From: or 2 Sender: header...

4CVSS5.9AI score0.01677EPSS
Exploits0References2
Prion
Prion
added 2012/07/17 10:20 a.m.16 views

Code injection

mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts...

4CVSS6.6AI score0.01118EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2012/07/17 10:20 a.m.29 views

CVE-2012-0792

mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts...

4CVSS6AI score0.01118EPSS
Exploits0References2
Cvelist
Cvelist
added 2012/07/17 10:0 a.m.33 views

CVE-2012-0796

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted 1 From: or 2 Sender: header...

5.9AI score0.01677EPSS
Exploits0References4
Rows per page
Query Builder