CVE-2015-0216
https://notcve.org/view.php?id=CVE-2015-0216
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. access.php en el módulo Lesson en Moodle 2.8.x anterior a 2.8.2 no configura el bit RISK_XSS para los graduadores, lo que permite a usuarios remotos autenticados realizar ataques de XSS a través de comentarios (feedback) manipulados sobre composiciones. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034 http://openwall.com/lists/oss-security/2015/01/19/1 https://moodle.org/mod/forum/discuss.php?d=278616 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2015-2266
https://notcve.org/view.php?id=CVE-2015-2266
message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 does not consider the moodle/site:readallmessages capability before accessing arbitrary conversations, which allows remote authenticated users to obtain sensitive personal-contact and unread-message-count information via a modified URL. message/index.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 no considera la capacidad moodle/site:readallmessages antes de acceder a conversaciones arbitrarias, lo que permite a usuarios remotos autenticados obtener información sensible sobre contactos personales y la cuenta de mensajes no leídos a través de una URL modificada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307380 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-2268
https://notcve.org/view.php?id=CVE-2015-2268
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. filter/urltolink/filter.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.9, 2.7.x anterior a 2.7.6, y 2.8.x anterior a 2.8.4 permite a usuarios remotos autenticados causar una denegación de servicio (consumo de CPU o interrupción parcial) a través de una cadena manipulada que coincide con una expresión regular incorrecta. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466 http://openwall.com/lists/oss-security/2015/03/16/1 https://moodle.org/mod/forum/discuss.php?d=307382 • CWE-399: Resource Management Errors •
CVE-2015-3176
https://notcve.org/view.php?id=CVE-2015-3176
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register. La característica de la confirmación de cuentas en login/confirm.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permite a atacantes remotos obtener información sensible de nombres completos mediante el intento de autoregistrarse. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74644 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313683 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2015-3175
https://notcve.org/view.php?id=CVE-2015-3175
Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header. Múltiples vulnerabilidades de la redirección abierta en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 permiten a atacantes remotos redirigir usuarios hacia sitios web arbitrarios y realizar ataques de phishing a través de vectores que involucran una página de error que vincula a una URL de una cabecera HTTP Referer. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179 http://openwall.com/lists/oss-security/2015/05/18/1 http://www.securityfocus.com/bid/74720 http://www.securitytracker.com/id/1032358 https://moodle.org/mod/forum/discuss.php?d=313682 •