13 matches found

NVD
added 2017/04/20 9:59 p.m. | 18 views

CVE-2016-3732

The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...

CVSS 4.3 | AI score 5.2 | EPSS 0.01373
Exploits 0 | References 3

Prion
added 2017/04/20 9:59 p.m. | 23 views

Cross site request forgery (csrf)

Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...

CVSS 6.8 | AI score 7.5 | EPSS 0.01129
Exploits 0 | References 5 | Affected Software 1

Tenable Nessus
added 2016/12/16 12:0 a.m. | 24 views

Moodle 2.9.x < 2.9.8 Authentication Bypass

Binary data 9833.prm...

CVSS 7.3 | AI score 7.3 | EPSS 0.00972
Exploits 0 | References 2

Cvelist
added 2016/05/22 8:0 p.m. | 21 views

CVE-2016-2157

Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...

AI score 8.9 | EPSS 0.00975
Exploits 0 | References 4

NVD
added 2016/02/22 5:59 a.m. | 18 views

CVE-2015-5331

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API...

CVSS 4.3 | AI score 5.4 | EPSS 0.01278
Exploits 0 | References 2

NVD
added 2016/02/22 5:59 a.m. | 12 views

CVE-2015-3273

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization...

CVSS 4.3 | AI score 5.4 | EPSS 0.015
Exploits 0 | References 4

UbuntuCve
added 2016/02/22 5:59 a.m. | 16 views

CVE-2015-3273

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization...

CVSS 4.3 | AI score 6.8 | EPSS 0.015
Exploits 0 | References 3

UbuntuCve
added 2016/02/22 5:59 a.m. | 19 views

CVE-2015-5332

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature...

CVSS 7.1 | AI score 6.9 | EPSS 0.01684
Exploits 0 | References 2

UbuntuCve
added 2016/02/22 5:59 a.m. | 17 views

CVE-2015-5331

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API...

CVSS 4.3 | AI score 6.3 | EPSS 0.01278
Exploits 0 | References 2

Prion
added 2016/02/22 5:59 a.m. | 21 views

Authorization

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization...

CVSS 4 | AI score 6.6 | EPSS 0.015
Exploits 0 | References 4 | Affected Software 1

Prion
added 2016/02/22 5:59 a.m. | 10 views

Design/Logic Flaw

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API...

CVSS 4 | AI score 6.6 | EPSS 0.01278
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2016/02/22 2:0 a.m. | 22 views

CVE-2015-5332

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature...

AI score 7.3 | EPSS 0.01684
Exploits 0 | References 2

Cvelist
added 2016/02/22 2:0 a.m. | 21 views

CVE-2015-3273

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization...

AI score 5.3 | EPSS 0.015
Exploits 0 | References 4