CVE-2014-3548
https://notcve.org/view.php?id=CVE-2014-3548
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog. Múltiples vulnerabilidades de XSS en Moodle through 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores que provocan un dialogo de excepciones AJAX . • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471 http://openwall.com/lists/oss-security/2014/07/21/1 http://www.securityfocus.com/bid/68766 https://moodle.org/mod/forum/discuss.php?d=264270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3552
https://notcve.org/view.php?id=CVE-2014-3552
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction. El plugin Shibboleth Authentication en auth/shibboleth/index.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11 y 2.5.x anterior a 2.5.7 no comprueba si un ID de sesión está vacío, lo que permite a usuarios remotos autenticados secuestrar sesiones a través de interacciones manipuladas de plugins. • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485 http://openwall.com/lists/oss-security/2014/07/21/1 https://moodle.org/mod/forum/discuss.php?d=264261 • CWE-287: Improper Authentication •
CVE-2014-3547
https://notcve.org/view.php?id=CVE-2014-3547
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge. Múltiples vulnerabilidades de XSS en badges/renderer.php en Moodle 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de un badge externo. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042 http://openwall.com/lists/oss-security/2014/07/21/1 http://www.securityfocus.com/bid/68758 https://moodle.org/mod/forum/discuss.php?d=264269 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3546
https://notcve.org/view.php?id=CVE-2014-3546
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL. Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 no fuerza ciertos requisitos de capacidad en (1) notes/index.php y (2) user/edit.php, lo que permite a atacantes remotos obtener información potencialmente sensible de nombres de usuarios y cursos a través de una URL modificado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760 http://openwall.com/lists/oss-security/2014/07/21/1 https://moodle.org/mod/forum/discuss.php?d=264267 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-3545
https://notcve.org/view.php?id=CVE-2014-3545
Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una pregunta calculada en un cuestionario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148 http://openwall.com/lists/oss-security/2014/07/21/1 https://moodle.org/mod/forum/discuss.php?d=264266 • CWE-94: Improper Control of Generation of Code ('Code Injection') •