15 matches found
EUVD-2011-4508
Malware in sbrugna...
EUVD-2012-4341
Malware in sbrugna...
EUVD-2022-2024
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-7038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed. CVE-2016-7038 Note that Nessus relies o...
GHSA-786G-XV8V-9H93 Moodle Cross-site Scripting vulnerability
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk...
GHSA-2PHX-W35G-X9VM Moodle Weak Password Recovery Mechanism for Forgotten Password
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed...
Moodle Weak Password Recovery Mechanism for Forgotten Password
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed...
Force-Password-Change Bypass
Moodle is vulnerable to the bypass of the force-password-change requirement. Even when a password is forced to be changed on login, its possible for the temporary password to be used to create web service tokens, thus extending the life of the temporary password...
Default credentials
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed...
UBUNTU-CVE-2016-7038
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed...
MGASA-2014-0230 Updated moodle packages fix multiple vulnerabilities
Updated moodle package fixes security vulnerabilities: In Moodle before 2.6.3, Session checking was not being performed correctly in Assignment's quick-grading, allowing forged requests to be made unknowingly by authenticated users CVE-2014-0213. In Moodle before 2.6.3, MoodleMobile web service...
CVE-2012-4402
webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token intended for only one service...
CVE-2011-4583
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with 1 disabled services and 2 users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens...
Authorization
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with 1 disabled services and 2 users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens...
CVE-2011-4583
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with 1 disabled services and 2 users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens...