CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2158
https://notcve.org/view.php?id=CVE-2016-2158
22 May 2016 — lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request. lib/ajax/getnavbranch.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2157
https://notcve.org/view.php?id=CVE-2016-2157
22 May 2016 — Cross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins. Vulnerabilidad de CSRF en mod/assign/adminmanageplugins.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteri... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2153
https://notcve.org/view.php?id=CVE-2016-2153
22 May 2016 — Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field. Vulnerabilidad de XSS en la funcionalidad advanced-search en mod_data en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11,... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2156
https://notcve.org/view.php?id=CVE-2016-2156
22 May 2016 — calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request. alendar/externallib.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.x en versiones... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2159
https://notcve.org/view.php?id=CVE-2016-2159
22 May 2016 — The save_submission function in mod/assign/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request. La función save_submission en mod/assign/externallib.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52901 • CWE-284: Improper Access Control •
CVSS: 4.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2151
https://notcve.org/view.php?id=CVE-2016-2151
22 May 2016 — user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list. user/index.php en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versione... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2154
https://notcve.org/view.php?id=CVE-2016-2154
22 May 2016 — admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule. admin/tool/monitor/lib.php en Event Monitor en Moodle 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.x en versiones anteriores a 3.0.3 no considera la capacidad moodle/course:viewhiddencourses,... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 19EXPL: 0CVE-2016-2155
https://notcve.org/view.php?id=CVE-2016-2155
22 May 2016 — The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings by leveraging the Non-Editing Instructor role. La funcionalidad grade-reporting en Singleview (también conocida como Single View) en Moodle 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.x en versiones anteriores... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52378 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2016-2190
https://notcve.org/view.php?id=CVE-2016-2190
22 May 2016 — Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log. Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.13, 2.8.x en versiones anteriores a 2.8.11, 2.9.x en versiones anteriores a 2.9.5 y 3.0.x en versiones anteriores a 3.0.3 no restringe correctamente enlaces, lo que permite a atacantes remotos obtener informaci... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52651 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2015-5340
https://notcve.org/view.php?id=CVE-2015-5340
22 Feb 2016 — Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php. Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 no considera la capacidad moodle/badges:viewbadges, lo que permite... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51684 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •