CVSS: 8.1EPSS: 0%CPEs: 27EXPL: 0CVE-2012-0795
https://notcve.org/view.php?id=CVE-2012-0795
17 Jul 2012 — Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. Moodle v1.9.x anterior a v1.9.16, v2.0.x anterior a v2.0.7, v2.1.x anterior a v2.1.4, v2.2.1 y v2.2.x no valida la configuración del correo electrónico, permitiendo a usuarios remotos autenticados para tener una el impacto no especificado a través de una dirección diseñada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-13572 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 5EXPL: 0CVE-2012-0798
https://notcve.org/view.php?id=CVE-2012-0798
17 Jul 2012 — The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. La funcionalidad de auto-inscripción en Moodle v2.1.x anterior a v2.1.4 y v2.2.x anterior a v2.2.1 permite a usuarios remotos autenticados obtener la función de administrador mediante el aprovechamiento de la función docente. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29469 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2012-0801
https://notcve.org/view.php?id=CVE-2012-0801
17 Jul 2012 — lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. lib/formslib.php en Moodle v2.1.x anterior a v2.1.4 y v2.2.x anterior a v2.2.1 no maneja adecuadamente varias instancias de un elemento de formulario, que tiene un impacto no especificado y vectores de ataque a distancia. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=51070abc78b9e1db1db9a44855e8623b22bebd48 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 27EXPL: 0CVE-2012-0796
https://notcve.org/view.php?id=CVE-2012-0796
17 Jul 2012 — class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header. class.phpmailer.php en la biblioteca PHPMailer, como los usados ??en Moodle v1.9.x antes de v1.9.16, v2.0.x antes de v2.0.7, v2.1.x antes de v2.1.4, y v2.2.x antes de v2.2.1 y otros productos, permite a usuario... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=62988bf0bbc73df655f51884aaf1f523928abff9 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2012-0794
https://notcve.org/view.php?id=CVE-2012-0794
17 Jul 2012 — The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. La función rc4encrypt en lib/moodlelib.php en Moodle v1.9.x antes de v1.9.16, v2.0.x antes de v2.0.7, v2.1.x antes de v2.1.4 y v2.2.x antes de v2.2.1 utiliza un... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=98456628a24bba25d336860d38a45b5a4e3895da • CWE-255: Credentials Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 24EXPL: 1CVE-2011-4203
https://notcve.org/view.php?id=CVE-2011-4203
22 Dec 2011 — CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. Vulnerabilidad de inyección en CRLF en ficheros calendar/set.php en el componente Calendar en Moodle v1.9.x anteriores a v1.9.15, v2.0.x anteriores a v2.0.6, v2.1.x anteriores a v2.1.3, y v2.2 permiten a atacantes rem... • http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle • CWE-94: Improper Control of Generation of Code ('Code Injection') •