11 matches found
CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...
CVE-2016-3734
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...
CVE-2016-3732
The capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that mark forum posts as read...
CVE-2016-3729
The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator...
CVE-2016-3734
The CVE-2016-3734 entry concerns a Cross-site Request Forgery in Moodle’s markposts.php. Affected versions include Moodle 3.0.x up to 3.0.3, 2.9.x up to 2.9.5, 2.8.x up to 2.8.11, and 2.7.x up to 2.7.13 and earlier. Under CSRF, remote attackers can hijack a logged-in user’s session to perform act...
Moodle 3.0.x < 3.0.9 RCE
Binary data 700009.prm...
Moodle 3.0.x < 3.0.8 Multiple Vulnerabilities
Binary data 9922.prm...
Moodle 3.0.x < 3.0.7 Multiple Vulnerabilities
Binary data 9836.prm...
Moodle 3.0.x < 3.0.6 Authentication Bypass
Binary data 9835.prm...
CVE-2016-2157
Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage...