CVSS: 4.9EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1832
https://notcve.org/view.php?id=CVE-2013-1832
25 Mar 2013 — repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance. repository/webdav/lib.php en Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 incluye la contraseña en el formulario de configuración, que permite a los administradores re... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1833
https://notcve.org/view.php?id=CVE-2013-1833
25 Mar 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo File Picker de Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios autenticados d... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 40EXPL: 0CVE-2012-6098
https://notcve.org/view.php?id=CVE-2012-6098
27 Jan 2013 — grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. grade/edit/outcome/edit_form.php en Moodle v1.9.x a la v1.9.19, 2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x a... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2012-3398
https://notcve.org/view.php?id=CVE-2012-3398
23 Jul 2012 — Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. Vulnerabilidad de complejidad algorítmica en Moodle v1.9.x anteriores a v1.9.19, v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, y v2.2.x anteriores a v2.2.4 permite a atacantes remotos provocar una denegaci... • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126 •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3397
https://notcve.org/view.php?id=CVE-2012-3397
23 Jul 2012 — lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. lib/modinfolib.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteiores a v2.1.7, v2.2.x anteriores a v2.2.4, y v2.3.x anteriores a ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2012-3395
https://notcve.org/view.php?id=CVE-2012-3395
23 Jul 2012 — SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. Vulnerabilidad de inyección SQL en mod/feedback/complete.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, y v2.2.x anteriores a v2.2.4, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un formulario de datos modificado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3396
https://notcve.org/view.php?id=CVE-2012-3396
23 Jul 2012 — Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cohort/edit_form.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2364
https://notcve.org/view.php?id=CVE-2012-2364
21 Jul 2012 — Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en lib/filelib.php en Moodle v2.0.x antgeriores a v2.0.9, v2.1.x anteriores v2.1.6, y v2.2.x anteriores a v2.2.3 ... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=ce4126c7a9e07dd0514f7ac297b5e60cad0b8d20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2359
https://notcve.org/view.php?id=CVE-2012-2359
21 Jul 2012 — admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. admin/roles/override.php en Moodle v2.0.x anteriores a v2.0.9, v2.1.x anteiores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados obtener privilegios mediante la elevación de privilegios del rol de prof... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=0f75e1e6272db0303abc8e27362e5c3a1344b82f • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2365
https://notcve.org/view.php?id=CVE-2012-2365
21 Jul 2012 — Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Moodle v2.0.x anteriores a v2.0.9, v2.1.x anteiores a v2.1.6, y 2.2.x anteriores a v2.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo idnumber sobre cohor... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31691 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •