CVSS: 8.8EPSS: 0%CPEs: 64EXPL: 0CVE-2014-0213
https://notcve.org/view.php?id=CVE-2014-0213
27 May 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests. Múltiples vulnerabilidades de CSRF en mod/assign/locallib.php en el subsistema Assignment en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 permiten a atacantes remotos ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 0%CPEs: 64EXPL: 0CVE-2014-0215
https://notcve.org/view.php?id=CVE-2014-0215
27 May 2014 — The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source. La implementación de calificación a ciegas en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 permite a usuarios remotos autenticados revelar la identidad de estudiantes mediante (1) el uso de un lector de pantall... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44750 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 64EXPL: 0CVE-2014-0216
https://notcve.org/view.php?id=CVE-2014-0216
27 May 2014 — The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block. La implementación My Home en la función block_html_pluginfile en blocks/html/lib.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 no restringe debidament... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 64EXPL: 0CVE-2014-0218
https://notcve.org/view.php?id=CVE-2014-0218
27 May 2014 — Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el repositorio de URL de descarga en repository/url/lib.php en Moodle hasta 2.3.11, 2.4.x hasta 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 permite a atacantes remotos inyectar secuencias de comand... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 91EXPL: 0CVE-2013-7341
https://notcve.org/view.php?id=CVE-2013-7341
22 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. Múltiples vulnerabilidades de XSS en Flowplayer Flash anterior a 3.2.17, utilizado en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y ... • http://flash.flowplayer.org/documentation/version-history.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0122
https://notcve.org/view.php?id=CVE-2014-0122
22 Mar 2014 — mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator. mod/chat/chat_ajax.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0123
https://notcve.org/view.php?id=CVE-2014-0123
22 Mar 2014 — The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student. El subsistema wiki en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no restringe debidamente acceso (1) visualiz... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0124
https://notcve.org/view.php?id=CVE-2014-0124
22 Mar 2014 — The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module. Las implementaciones de informes de identidad en mod/forum/renderer.php y mod/quiz/override_form.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0125
https://notcve.org/view.php?id=CVE-2014-0125
22 Mar 2014 — repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner. repository/alfresco/lib.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 sitúa una clave de sesión en una URL, lo que permite a atacantes remotos evadir restricciones de archivo del repositorio... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0126
https://notcve.org/view.php?id=CVE-2014-0126
22 Mar 2014 — Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file. Vulnerabilidad de CSRF en enrol/imsenterprise/importnow.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 permite a atacantes remotos secuestrar la autenticación de adm... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146 • CWE-352: Cross-Site Request Forgery (CSRF) •