6 matches found
BIT-MOODLE-2022-30600
A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed...
Moodle 2.9.x < 2.9.3 Security Bypass
Binary data 9189.prm...
CVE-2015-5331
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API...
CVE-2012-4400
repository/repositoryajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field...
CVE-2011-4293
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets CSS and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified...
CVE-2011-4309
Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL...