CVSS: 6.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-6099
https://notcve.org/view.php?id=CVE-2012-6099
27 Jan 2013 — The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature. El convertidor de copia de seguridad "moodle1" en backup/converter/moodle1/lib.php de Moodle v2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 no val... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977 • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 40EXPL: 0CVE-2012-6098
https://notcve.org/view.php?id=CVE-2012-6098
27 Jan 2013 — grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. grade/edit/outcome/edit_form.php en Moodle v1.9.x a la v1.9.19, 2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x a... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-6106
https://notcve.org/view.php?id=CVE-2012-6106
27 Jan 2013 — calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object. calendar/managesubscriptions.php en Manage Subscriptions implementation in Moodle 2.4.x antes de v2.4.1 omite una comprobacion de capacidad, que permite a usuarios remotos autenticados para eliminar a nivel de curso suscripciones a... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37106 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2012-6105
https://notcve.org/view.php?id=CVE-2012-6105
27 Jan 2013 — blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. blog/rsslib.php en Moodle v2.1.x antes de v2.1.10, v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.x antes de v2.4.1 que continúa proporcionando un canal de blog RSS después de blogging se desactive , que permite a atacantes remotos obtener informa... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37467 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2012-6101
https://notcve.org/view.php?id=CVE-2012-6101
27 Jan 2013 — Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors related to (1) backup/backupfilesedit.php, (2) comment/comment_post.php, (3) course/switchrole.php, (4) mod/wiki/filesedit.php, (5) tag/coursetags_add.php, or (6) user/files.php. Varias vulnerabilidades de múltiple redirirección en Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.x y... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35991 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 18EXPL: 0CVE-2012-5471
https://notcve.org/view.php?id=CVE-2012-5471
21 Nov 2012 — The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. Dropbox Repository File Picker en Moodle v2.1.x antes de v2.1.9, v2.2.x antes de v2.2.6, y v2.3.x antes de v2.3.3 permite a usuarios remotos autenticados acceder al Dropbox de un usuario diferente al aprovechar una estación de trabajo sin supervisión después de un cierre ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2012-5481
https://notcve.org/view.php?id=CVE-2012-5481
21 Nov 2012 — Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. Moodle v2.3.x antes de v2.3.3 permite a usuarios remotos autenticados evitar el requisito moodle/role:manage capability y leer todos los datos de capacidad visitando la página Check Permissions. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35381 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 0CVE-2012-5473
https://notcve.org/view.php?id=CVE-2012-5473
21 Nov 2012 — The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to read activity entries of a different group's users via an advanced search. El módulo Database activity en Moodle v2.1.x antes de v2.1.9, v2.2.x antes de v2.2.6, y v2.3.x antes de v2.3.3, permite a los atacantes remotos evitar las restricciones previstas en la lectura de las entradas de otros usuarios del grupo a través de una búsqueda avanzada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34448 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.1EPSS: 0%CPEs: 18EXPL: 0CVE-2012-5479
https://notcve.org/view.php?id=CVE-2012-5479
21 Nov 2012 — The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. El complemento Portfolio en Moodle v2.1.x antes de v2.1.9, v2.2.x antes de v2.2.6, y v2.3.x antes de v2.3.3 permite a usuarios remotos autenticados cargar y ejecutar archivos a través de una devolución de llamada modificada a la API Portfolio. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33791 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-5480
https://notcve.org/view.php?id=CVE-2012-5480
21 Nov 2012 — The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. El módulo Database activity en Moodle v2.1.x antes de v2.1.9, v2.2.x antes de v2.2.6, y v2.3.x antes de v2.3.3, permite a los atacantes remotos evitar las restricciones previstas en la lectura de las entradas de otros participantes a través de una búsqueda avanzada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35558 • CWE-264: Permissions, Privileges, and Access Controls •