CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2360
https://notcve.org/view.php?id=CVE-2012-2360
21 Jul 2012 — Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el subsistema Wiki en Moodle v2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a atacantes remotos inyectar secuencias de... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32018 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2012-2367
https://notcve.org/view.php?id=CVE-2012-2367
21 Jul 2012 — Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. Moodle v1.9.x anteriores a v1.9.18, 2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos moodle/calendar:manageownentries y añadir una entrada a calendario a través de una a... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2358
https://notcve.org/view.php?id=CVE-2012-2358
21 Jul 2012 — Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. Moodle v2.0.x anteriore a v2.0.9, 2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar el estado de actividad solo-lectura y modificar la base de datos aumentando el rol de estudiante y editando la base ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31811 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2361
https://notcve.org/view.php?id=CVE-2012-2361
21 Jul 2012 — Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin/webservice/forms.php en la implementación del servicio Web en Moodle v2.0.x anteiores a v2.0.9, v... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2011-4586
https://notcve.org/view.php?id=CVE-2011-4586
20 Jul 2012 — CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Una vulnerabilidad de inyección CRLF en calendar/set.php en el subsistema de Calendario en Moodle v1.9.x antes de v1.9.15, v2.0.x antes de v2.0.6 y v2.1.x antes v2.1.3 que permite a atacantes remotos inyectar cabeceras HTTP de su elecció... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=581e8dba387f090d89382115fd850d8b44351526 •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2011-4590
https://notcve.org/view.php?id=CVE-2011-4590
20 Jul 2012 — The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. La implementación de servicios web en Moodle v2.0.x antes de v2.0.6 y v2.1.x antes de v2.1.3 no tiene debidamente en cuenta el estado del modo de mantenimiento y los atributos de la cuenta durante los intentos d... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28629 • CWE-287: Improper Authentication •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2011-4591
https://notcve.org/view.php?id=CVE-2011-4591
20 Jul 2012 — Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en la función print_object en lib/datalib.php en Moodle v2.0.x antes de v2.0.6 y v2.1.x antes de v2.1.3, cuando se activa una secuencia de comandos de depu... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=187672608ec96659e07f2461b3b83634debd16cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2011-4583
https://notcve.org/view.php?id=CVE-2011-4583
20 Jul 2012 — Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. Moodle v2.0.x antes de v2.0.6 y v2.1.x antes de v2.1.3 muestra las fichas de servicios web asociadas con (1) los servicios deshabilitados y (2) los usuarios que ya no tienen autorización, lo que permite tener un impacto no especificado a usuarios remotos... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28670&sr=1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2011-4584
https://notcve.org/view.php?id=CVE-2011-4584
20 Jul 2012 — The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. La funcionalidad de autenticación MNET en Moodle v1.9.x antes de v1.9.15, v2.0.x antes de v2.0.6 y v2.1.x antes de v2.1.3 permite hacerse pasar por otras cuentas de usuario a usuarios remotos autenticados m... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=10df8657c1c138c0d0ab1d4796c552fcec0c299b • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 23EXPL: 0CVE-2011-4587
https://notcve.org/view.php?id=CVE-2011-4587
20 Jul 2012 — lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. lib/moodlelib.php en Moodle v1.9.x antes de v1.9.15, v2.0.x antes de v2.0.6 y v2.1.x antes de v2.1.3 no maneja adecuadamente ciertos valores de cero en la política de contraseñas, lo que hace que s... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=e079e82c087becf06d902089d14f3f76686bde19 • CWE-255: Credentials Management Errors •