CVE-2015-2267
https://notcve.org/view.php?id=CVE-2015-2267
mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass intended access restrictions and extract archives to arbitrary directories via a crafted dataroot value. mdeploy.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 permite a usuarios remotos autenticados evadir las restricciones de acceso y extraer archivos a directorios arbitrarios a través de un valor dataroot manipulado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307381 • CWE-284: Improper Access Control •
CVE-2015-1493
https://notcve.org/view.php?id=CVE-2015-1493
Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. Vulnerabilidad de salto de directorio en la función min_get_slash_argument en lib/configonlylib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.8, 2.7.x anterior a 2.7.5, y 2.8.x anterior a 2.8.3 permite a usuarios remotos autenticados leer ficheros arbitrarios a través de un .. (punto punto) en el parámetro file, tal y como fue demostrado mediante la lectura de secuencias de comandos PHP. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=af9a7937cc085f96bdbc4724cadec6eeae0242fc http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48980 http://openwall.com/lists/oss-security/2015/02/04/15 http://openwall.com/lists/oss-security/2015/02/09/2 https://moodle.org/mod/forum/discuss.php?d=279956 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2015-3181
https://notcve.org/view.php?id=CVE-2015-3181
files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked. files/externallib.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 no considera la capacidad moodle/user:manageownfiles antes de aprobar una subida de ficheros privados, lo que permite a usuarios remotoa autenticados evadir las restricciones de la gestión de ficheros mediante el uso de servicios web para realizar subidas después de que esta capacidad haya sido revocada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74728 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313688 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-3179
https://notcve.org/view.php?id=CVE-2015-3179
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account. login/confirm.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a usuarios remotos autenticados evadir las restricciones de inicio de sesión mediante el aprovechamiento del acceso a una cuenta suspendida no confirmada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74725 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313686 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2015-2269 – Moodle 2.5.9/2.6.8/2.7.5/2.8.3 - Block Title Handler Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2269
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element. Múltiples vulnerabilidades de XSS en lib/javascript-static.js en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 permiten a usuarios remotos autenticados inyectar secuencias de comandos web arbitrarios o HTML a través de un atributo (1) alt o (2) title en un elemento IMG. Moodle suffers from persistent cross site scripting vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user's browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags. • https://www.exploit-db.com/exploits/36418 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307383 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •