CVE-2018-1044
https://notcve.org/view.php?id=CVE-2018-1044
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. • http://www.securityfocus.com/bid/102754 https://moodle.org/mod/forum/discuss.php?d=364383 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-1043
https://notcve.org/view.php?id=CVE-2018-1043
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. • http://www.securityfocus.com/bid/102769 https://moodle.org/mod/forum/discuss.php?d=364382
CVE-2018-1045
https://notcve.org/view.php?id=CVE-2018-1045
In Moodle 3.x, there is XSS via a calendar event name. • http://www.securityfocus.com/bid/102755 https://moodle.org/mod/forum/discuss.php?d=364384 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1042 – Moodle Filepicker 3.5.2 - Server Side Request Forgery
https://notcve.org/view.php?id=CVE-2018-1042
Moodle 3.x has Server Side Request Forgery in the filepicker. Moodle Filepicker version 3.5.2 suffers from a server-side request forgery vulnerability. • https://www.exploit-db.com/exploits/47177 https://github.com/UDPsycho/Moodle-CVE-2018-1042 http://packetstormsecurity.com/files/153766/Moodle-Filepicker-3.5.2-Server-Side-Request-Forgery.html http://www.securityfocus.com/bid/102752 https://moodle.org/mod/forum/discuss.php?d=364381 • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2017-15110
https://notcve.org/view.php?id=CVE-2017-15110
In Moodle 3.x, students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students. • http://www.securityfocus.com/bid/101909 https://moodle.org/mod/forum/discuss.php?d=361784 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor