CVSS: 8.8EPSS: 0%CPEs: 55EXPL: 0CVE-2013-1834
https://notcve.org/view.php?id=CVE-2013-1834
25 Mar 2013 — notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. notes/edit.php de Moodle v1.9.x hasta v1.9.19, v2.x hasta v2.1.10, v2.2.x hasta v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios remotamente autenticados asignar notas a través de modificaciones en (1) el campo userid ó (2) en el campo courseid. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37411 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 103EXPL: 0CVE-2013-1830
https://notcve.org/view.php?id=CVE-2013-1830
25 Mar 2013 — user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. user/view.php en Moodle hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a 2.4.2 no aplica el ajuste forceloginforprofiles, que permite a atacantes remotos obtener información de... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-1829
https://notcve.org/view.php?id=CVE-2013-1829
25 Mar 2013 — calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role. calendar/managesubscriptions.php en Moodle v2.4.x anterior a v2.4.2 no tiene en cuenta los requisitos de capacidad antes de mostrar las suscripciones de calendario, lo que permite a usuarios remotos autenticados obtener información potencialmente sen... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37338 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.9EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1832
https://notcve.org/view.php?id=CVE-2013-1832
25 Mar 2013 — repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance. repository/webdav/lib.php en Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 incluye la contraseña en el formulario de configuración, que permite a los administradores re... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1833
https://notcve.org/view.php?id=CVE-2013-1833
25 Mar 2013 — Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo File Picker de Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios autenticados d... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2012-6102
https://notcve.org/view.php?id=CVE-2012-6102
27 Jan 2013 — lib.php in the Submission comments plugin in the Assignment module in Moodle 2.3.x before 2.3.4 and 2.4.x before 2.4.1 allows remote attackers to read or modify the submission comments (aka feedback comments) of arbitrary users via a crafted URI. lib.php en el plugin Submission Comments en el módulo Assignment en Moodle v2.3.x antes de v2.3.4 y v2.4.x antes de v2.4.1 permite a atacantes remotos leer o modificar los comentarios presentación (también conocido como comentarios de retroalimentación) de los usua... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37244 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-6104
https://notcve.org/view.php?id=CVE-2012-6104
27 Jan 2013 — blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. blog/rsslib.php en Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.1 y antes de v2.4.x , permite a atacantes remotos obtener información sensible de los blogs a nivel de sitio, aprovechando el papel de la huésped y de la lectura un feed RSS. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2012-6103
https://notcve.org/view.php?id=CVE-2012-6103
27 Jan 2013 — Multiple cross-site request forgery (CSRF) vulnerabilities in user/messageselect.php in the messaging system in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to hijack the authentication of arbitrary users for requests that send course messages. Multiple vulnerabilidad de falsificación de petición en sitios cruzados de user/messageselect.php en el sistema de mensajería de Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.1 y v2.4.x antes de permitir a... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36600 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2012-6100
https://notcve.org/view.php?id=CVE-2012-6100
27 Jan 2013 — report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. report/outline/index.php en Moodle v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 o se aplican correctamente el requisito "moodle/user:viewhiddendetails capability", lo que permite a atacan... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 33EXPL: 0CVE-2012-6112
https://notcve.org/view.php?id=CVE-2012-6112
27 Jan 2013 — classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string. classes/GoogleSpell.php en PHP Spellchecker (también conocido como Google Spellchecker) complemento anterior a v2.0.6.1 para TinyMCE, también... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283 • CWE-264: Permissions, Privileges, and Access Controls •