CVSS: 6.5EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0129
https://notcve.org/view.php?id=CVE-2014-0129
22 Mar 2014 — badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors. badges/mybadges.php en Moodle 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no rastrea debidamente el usuario a quien un badge fue entregado, lo que permite a usuarios remotos autenticados modificar la visibilidad de un badge arbitrario a través de vectores no espe... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 61EXPL: 0CVE-2014-2571
https://notcve.org/view.php?id=CVE-2014-2571
22 Mar 2014 — Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question. Vulnerabilidad de XSS en la función quiz_question_tostring en mod/quiz/editlib.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 permite a usuarios remotos autenticados inyect... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43690 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 91EXPL: 0CVE-2013-7341
https://notcve.org/view.php?id=CVE-2013-7341
22 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. Múltiples vulnerabilidades de XSS en Flowplayer Flash anterior a 3.2.17, utilizado en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y ... • http://flash.flowplayer.org/documentation/version-history.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 25EXPL: 0CVE-2014-0008
https://notcve.org/view.php?id=CVE-2014-0008
20 Jan 2014 — lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. lib/adminlib.php en Moodle hasta la versión 2.3.11, 2.4.x anterior a la versión 2.4.8, 2.5.x anterior a 2.5.4, y 2.6.x anterior a la versión 2.6.1 registra contraseñas en texto plano, lo que permite a administradores remotos autenticados obtener información sen... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721 • CWE-255: Credentials Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 57EXPL: 0CVE-2014-0009
https://notcve.org/view.php?id=CVE-2014-0009
20 Jan 2014 — course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requirement for outside-group users in a SEPARATEGROUPS configuration, which allows remote authenticated users to perform "login as" actions via a direct request. course/loginas.php en Moodle hasta 2.2.11, 2.3.x antes de 2.3.11, 2.4.x antes de 2.4.8, 2.5.x antes de 2.5.4 y 2.6.x antes de 2.6.1 no fuerza el reuiisto moodle... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0010
https://notcve.org/view.php?id=CVE-2014-0010
20 Jan 2014 — Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. Múltiples vulnerabilidades de CSRF en user/profile/index.php en Moodle hasta la versión 2.2.11, 2.3.x anterior a 2.3.11, 2.4.x anterior a la versión 2.4.8, 2.5.x anterior a 2.5.4, y 2.6.x ante... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 118EXPL: 1CVE-2013-4522
https://notcve.org/view.php?id=CVE-2013-4522
26 Nov 2013 — lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server. lib/filelib.php en Moodle hasta la versión 2.2.11, 2.3.x anterior a 2.3.10, 2.4.x anterior a la versión 2.4.7, y 2.5.x anterior a 2.5.3 no envía las cabeceras HTTP "Cache-Control: private", lo que permite a a... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38743 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 118EXPL: 1CVE-2013-4523
https://notcve.org/view.php?id=CVE-2013-4523
26 Nov 2013 — Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message. Vulnerabilidad de XSS en message/lib.php en Moodle hasta la versión 2.2.11, 2.3.x anterior a la versión 2.3.10, 2.4.x anterior a 2.4.7, y 2.5.x anterior a la versión 2.5.3 permite a usuarios remotos autenticados inyectar script web o HTML arbitrario a través de un m... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41941 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 118EXPL: 1CVE-2013-4524
https://notcve.org/view.php?id=CVE-2013-4524
26 Nov 2013 — Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path. Vulnerabilidad de recorrido de directorio en repository/filesystem/lib.php de Moodle hasta la versión 2.2.11, 2.3.x anterior a la 2.3.10, 2.4.x anterior a la versión 2.4.7, y 2.5.x anterior a 2.5.3 permite a usuarios remotos autenticados leer archivos arbitrarios a t... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41807 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 118EXPL: 1CVE-2013-4525
https://notcve.org/view.php?id=CVE-2013-4525
26 Nov 2013 — Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question. Vulnerabilidad de XSS en mod/quiz/report/responses/responses_table.php en Moodle hasta la versión 2.2.11, 2.3.x anterior a 2.3.10, 2.4.x anterior a la versión 2.4.7, y 2.5.x anterior a 2.5.3 permite a usuarios remo... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41820 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •