CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2353
https://notcve.org/view.php?id=CVE-2012-2353
21 Jul 2012 — Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. Moodle v2.1.x anteriores a v2.1.6 y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a obtener información sensible del usuario de campos ocultos mediante el aumento del rol de profesor y nevegando a "enrolled users" bajo la sección "User Settings". • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 35EXPL: 0CVE-2012-2367
https://notcve.org/view.php?id=CVE-2012-2367
21 Jul 2012 — Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. Moodle v1.9.x anteriores a v1.9.18, 2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos moodle/calendar:manageownentries y añadir una entrada a calendario a través de una a... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2354
https://notcve.org/view.php?id=CVE-2012-2354
21 Jul 2012 — Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. Moodle v2.1.x anteriores a v2.1.6 y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos de la característica moodle/site:readallmessages y leer mensajes utilizando la característica "Recent conversations" con un parám... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=48e03792ca8faa2d781f9ef74606f3b3f0d3baec • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2358
https://notcve.org/view.php?id=CVE-2012-2358
21 Jul 2012 — Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. Moodle v2.0.x anteriore a v2.0.9, 2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar el estado de actividad solo-lectura y modificar la base de datos aumentando el rol de estudiante y editando la base ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31811 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2366
https://notcve.org/view.php?id=CVE-2012-2366
21 Jul 2012 — mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. mod/data/preset.php en Moodle v2.1.x anterior a v2.1.6 y v2.2.x anteriores a v2.2.3 no repite de forma adecuada el paso de una matriz, lo que permite a usuarios remotos autenticados a sobrescribir valores de la actividad en la base de datos a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31763 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2355
https://notcve.org/view.php?id=CVE-2012-2355
21 Jul 2012 — Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. Moodle v2.1.x anteriores a v2.1.6 y v2.2.x anteiores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos question:use* y añadir preguntas a un cuestionario a través de la caractérística questions. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32240 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2361
https://notcve.org/view.php?id=CVE-2012-2361
21 Jul 2012 — Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en admin/webservice/forms.php en la implementación del servicio Web en Moodle v2.0.x anteiores a v2.0.9, v... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31694 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 27EXPL: 0CVE-2012-0793
https://notcve.org/view.php?id=CVE-2012-0793
17 Jul 2012 — Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. Moodle v1.9.x antes de v1.9.16, v2.0.x antes de v2.0.7, v2.1.x antes de v2.1.4, y v2.2.x antes de v2.2.1 permite a atacantes remotos ver las imágenes de perfil de las cuentas de usuario a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=90911c4ff98dc2078a3acef5ddf5a1a8f7e20ba5 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2012-0797
https://notcve.org/view.php?id=CVE-2012-0797
17 Jul 2012 — The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. La funcionalidad de servicios web en Moodle v2.0.x anterior a v2.0.7, v2.1.x anterior a v2.1.4 y v2.2.x anterior a v2.2.1 permite a usuarios remotos autenticados para evitar el estado de borrado y seguir usando un servidor a través de un token. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126 • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2012-0800
https://notcve.org/view.php?id=CVE-2012-0800
17 Jul 2012 — The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. La funcionalidad de autocompletado de formularios en Moodle v2.0.x antes de v2.0.7, v2.1.x antes de v2.1.4, y v2.2.x antes de v2.2.1 hace más fácil para los atacantes físicamente próximos el descubr... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=6e9989dbd3f261b2e1586ff77b0bf22fc7091485 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •