CVSS: 4.9EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0127
https://notcve.org/view.php?id=CVE-2014-0127
The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time. La implementación time-validation en (1) mod/feedback/complete.php y (2) mod/feedback/complete_guest.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 permite a usuarios remotos autenticados evadir restricciones sobre iniciar una actividad Feedback mediante la selección de un tiempo no disponible. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256417 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0129
https://notcve.org/view.php?id=CVE-2014-0129
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors. badges/mybadges.php en Moodle 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no rastrea debidamente el usuario a quien un badge fue entregado, lo que permite a usuarios remotos autenticados modificar la visibilidad de un badge arbitrario a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256424 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0125
https://notcve.org/view.php?id=CVE-2014-0125
repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 places a session key in a URL, which allows remote attackers to bypass intended Alfresco Repository file restrictions by impersonating a file's owner. repository/alfresco/lib.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 sitúa una clave de sesión en una URL, lo que permite a atacantes remotos evadir restricciones de archivo del repositorio Alfresco mediante la suplantación del dueño de un archivo. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256422 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 91EXPL: 0CVE-2013-7341
https://notcve.org/view.php?id=CVE-2013-7341
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342. Múltiples vulnerabilidades de XSS en Flowplayer Flash anterior a 3.2.17, utilizado en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2, permiten a atacantes remotos inyectar script Web o HTML arbitrarios (1) proporcionando un playerId manipulado o (2) referenciando un dominio externo, un problema relacionado con CVE-2013-7342. • http://flash.flowplayer.org/documentation/version-history.html http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344 http://openwall.com/lists/oss-security/2014/03/17/1 https://github.com/flowplayer/flash/issues/121 https://moodle.org/mod/forum/discuss.php?d=256420 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 25EXPL: 0CVE-2014-0008
https://notcve.org/view.php?id=CVE-2014-0008
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitive information by reading the Config Changes Report. lib/adminlib.php en Moodle hasta la versión 2.3.11, 2.4.x anterior a la versión 2.4.8, 2.5.x anterior a 2.5.4, y 2.6.x anterior a la versión 2.6.1 registra contraseñas en texto plano, lo que permite a administradores remotos autenticados obtener información sensible mediante la lectura de Config Changes Report. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721 http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127510.html http://lists.fedoraproject.org/pipermail/package-announce/2014-January/127533.html http://openwall.com/lists/oss-security/2014/01/20/1 http://www.securitytracker.com/id/1029647 https://moodle.org/mod/forum/discuss.php?d=252414 • CWE-255: Credentials Management Errors •