CVSS: 4.3EPSS: 0%CPEs: 24EXPL: 0CVE-2015-5342
https://notcve.org/view.php?id=CVE-2015-5342
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state. El módulo choice en Moodle hasta la versión 2.6.11, 2.7.x en versiones anteriores a 2.7.11, 2.8.x en versiones anteriores a 2.8.9 y 2.9.x en versiones anteriores a 2.9.3 permite a usuarios remotos autenticados eludir las restricciones destinadas al acceso visitando una URL para añadir o eliminar respuestas en el estado cerrado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51569 https://moodle.org/mod/forum/discuss.php?d=323237 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 22EXPL: 0CVE-2015-0211
https://notcve.org/view.php?id=CVE-2015-0211
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service. mod/lti/ajax.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.7, 2.7.x anterior a 2.7.4, y 2.8.x anterior a 2.8.2 no considera las capacidades moodle/course:manageactivities y mod/lti:addinstance antes de proceder con búsquedas de listas de herramientas registradas, lo que permite a usuarios remotos autenticados obtener información sensible a través de solicitudes al servicio LTI Ajax. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920 http://openwall.com/lists/oss-security/2015/01/19/1 https://moodle.org/mod/forum/discuss.php?d=278611 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3180
https://notcve.org/view.php?id=CVE-2015-3180
lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment. lib/navigationlib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a usuarios remotos autenticados obtener información sensible de la estructura de cursos mediante el aprovechamiento del acceso a una cuenta de estudiante con una matrícula suspendida. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74729 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313687 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 22EXPL: 0CVE-2015-0215
https://notcve.org/view.php?id=CVE-2015-0215
calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. calendar/externallib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.7, 2.7.x anterior a 2.7.4, y 2.8.x anterior a 2.8.2 permite a usuarios remotos autenticados obtener información sensible sobre eventos del calendario a través de una solicitud de los servicios web. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017 http://openwall.com/lists/oss-security/2015/01/19/1 https://moodle.org/mod/forum/discuss.php?d=278615 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 35EXPL: 0CVE-2015-3176
https://notcve.org/view.php?id=CVE-2015-3176
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register. La característica de la confirmación de cuentas en login/confirm.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a atacantes remotos obtener información sensible de nombres completos mediante el intento de autoregistrarse. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74644 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •