CVSS: 4.3EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2246
https://notcve.org/view.php?id=CVE-2013-2246
26 Jul 2013 — mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying recent feedback, which allows remote authenticated users to obtain sensitive information via a request for all course feedback that has occurred since a specified time. mod/feedback/lib.php en Moodle a la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1 n... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39570 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.1EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2242
https://notcve.org/view.php?id=CVE-2013-2242
26 Jul 2013 — mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server. mod/chat/gui_sockets/index.php en Moodle desde 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1, no considera la ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39628 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2013-2079
https://notcve.org/view.php?id=CVE-2013-2079
25 May 2013 — mod/assign/locallib.php in the assignment module in Moodle 2.3.x before 2.3.7 and 2.4.x before 2.4.4 does not consider capability requirements during the processing of ZIP assignment-archive download (aka downloadall) requests, which allows remote authenticated users to read other users' assignments by leveraging the student role. mod/assign/locallib.php en el módulo de asignaciones en Moodle v2.3.x antes de v2.3.7 y v2.4.x antes de v2.4.4, no tiene en cuenta los requisitos de capacidad durante el trámite d... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38443 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 22EXPL: 0CVE-2013-2080
https://notcve.org/view.php?id=CVE-2013-2080
25 May 2013 — The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report. El componente core_grade en Moodle hasta v2.1.10, v2.2.x hasta v2.2.10, v2.3.x hasta v2.3.7, y v2.4.x hasta v2.4.4, no tiene en cuenta adecuadamente la existencia de grados ocultos, que permite a los usuarios aute... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 32EXPL: 0CVE-2013-2081
https://notcve.org/view.php?id=CVE-2013-2081
25 May 2013 — Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data. Moodle hasta v2.1.10, v2.2.x hasta v2.2.10, v2.3.x hasta v2.3.7, y v2.4.x hasta v2.4.4 no considera los atributos "no enviar" el registro de centros, lo que permite a los centros remotos obtener información sensible del sitio mediante la lectura de los datos del formulario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2013-2082
https://notcve.org/view.php?id=CVE-2013-2082
25 May 2013 — Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request. Moodle hasta v2.1.10, v2.2.x hasta v2.2.10, v2.3.x hasta v2.3.7, y v2.4.x hasta v2.4.4 no cumple los requisitos de capacidad para la lectura de los comentarios del blog, lo que permite a atacantes remotos obtener información sensible a través de una solicitud manipulada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 32EXPL: 0CVE-2013-2083
https://notcve.org/view.php?id=CVE-2013-2083
25 May 2013 — The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request. La clase MoodleQuickForm en lib/formslib.php en Moodle hasta v2.1.10, v2.2.x antes de v2.2.10, v2.3.x antes de v2.3.7, y v2.4.x antes de v2.4.4 no maneja adecuadamente una sintaxis de matrices de elementos determinados, lo que ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1836
https://notcve.org/view.php?id=CVE-2013-1836
25 Mar 2013 — Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access. Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 no gestionan correctamente los privilegios del repositorios WebDAV, lo que permite a usuarios autenticados remotamente l... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1835
https://notcve.org/view.php?id=CVE-2013-1835
25 Mar 2013 — Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature. Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios administradores autenticados remotamente obtener información de repositorios externos de cualquier usuario aprovechando la característic... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 101EXPL: 0CVE-2013-1831
https://notcve.org/view.php?id=CVE-2013-1831
25 Mar 2013 — lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. lib/setuplib.php en Moodle hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a atacantes remotos obtener información a través de una petición inválida, lo que revela la ruta absoluta en el mensaje de excepción. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •