11 matches found

Prion
added 2015/06/01 7:59 p.m., 14 views

Design/Logic Flaw

tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/tag:flag capability before proceeding with a flaginappropriate action, which allows remote authenticated users to bypass intended access restrictions via the "Flag as...

CVSS 4, AI score 6.6, EPSS 0.01712
Exploits 0, References 3, Affected Software 1

UbuntuCve
added 2014/11/24 11:59 a.m., 23 views

CVE-2014-7830

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse...

CVSS 3.5, AI score 6, EPSS 0.01455
Exploits 0, References 2

Cvelist
added 2014/11/24 11:0 a.m., 23 views

CVE-2014-7838

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for requests that set a tracking preference within 1...

AI score 7.2, EPSS 0.01006
Exploits 0, References 4

UbuntuCve
added 2014/07/29 11:10 a.m., 27 views

CVE-2014-3547

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge...

CVSS 4.3, AI score 5.9, EPSS 0.01187
Exploits 0, References 3

Prion
added 2014/03/24 2:20 p.m., 18 views

Design/Logic Flaw

repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner...

CVSS 5.8, AI score 7, EPSS 0.01927
Exploits 0, References 3, Affected Software 1

Prion
added 2014/03/24 2:20 p.m., 20 views

Code injection

The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/overrideform.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain...

CVSS 4, AI score 6.2, EPSS 0.01674
Exploits 0, References 3, Affected Software 1

Prion
added 2014/03/24 2:20 p.m., 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing a...

CVSS 4.3, AI score 5.9, EPSS 0.02405
Exploits 1, References 5, Affected Software 2

Cvelist
added 2014/03/22 1:0 a.m., 21 views

CVE-2014-0129

badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors...

AI score 6, EPSS 0.01676
Exploits 0, References 3

UbuntuCve
added 2013/09/16 1:2 p.m., 43 views

CVE-2013-5674

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...

CVSS 7.5, AI score 5.9, EPSS 0.02098
Exploits 2, References 3

Prion
added 2013/09/16 1:2 p.m., 31 views

Design/Logic Flaw

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...

CVSS 7.5, AI score 7.4, EPSS 0.02098
Exploits 2, References 2, Affected Software 1

Cvelist
added 2013/09/16 10:0 a.m., 41 views

CVE-2013-5674

badges/external.php in Moodle 2.5.x before 2.5.2 does not properly handle an object obtained by unserializing a description of an external badge, which allows remote attackers to conduct PHP object injection attacks via unspecified vectors, as demonstrated by overwriting the value of the userid...

AI score 6.9, EPSS 0.02098
Exploits 2, References 2