50 matches found
Moodle Incorrect sanitation of attributes in forums
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums...
CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2017-7491
In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers to change the "number of courses displayed in the course overview block" configuration setting...
CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2017-2641
In Moodle 2.x and 3.x, SQL injection can occur via user preferences...
Default credentials
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed...
Code injection
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context...
CVE-2017-2576
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums...
CVE-2017-2576
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums...
Code injection
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available...
CVE-2017-2576
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums...
CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam...
CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam...
Design/Logic Flaw
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam...
CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam...
CVE-2015-3272
Open redirect vulnerability in the cleanparam function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer...
Moodle 2.x Version Detection
Binary data 8690.prm...
Design/Logic Flaw
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in 1 notes/index.php and 2 user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a...
CVE-2013-1836
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access...