NotCVE - vendor:"Moodle" product:"Moodle" version:"2.7.0"

Page 31 of 155 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 35EXPL: 0

CVE-2014-3546

https://notcve.org/view.php?id=CVE-2014-3546

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 does not enforce certain capability requirements in (1) notes/index.php and (2) user/edit.php, which allows remote attackers to obtain potentially sensitive username and course information via a modified URL. Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 no fuerza ciertos requisitos de capacidad en (1) notes/index.php y (2) user/edit.php, lo que permite a atacantes remotos obtener información potencialmente sensible de nombres de usuarios y cursos a través de una URL modificado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760 http://openwall.com/lists/oss-security/2014/07/21/1 https://moodle.org/mod/forum/discuss.php?d=264267 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.0EPSS: 0%CPEs: 35EXPL: 0

CVE-2014-3545

https://notcve.org/view.php?id=CVE-2014-3545

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una pregunta calculada en un cuestionario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148 http://openwall.com/lists/oss-security/2014/07/21/1 https://moodle.org/mod/forum/discuss.php?d=264266 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 4

CVE-2014-3544 – Moodle 2.7 - Persistent Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2014-3544

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. Vulnerabilidad de XSS en user/profile.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo del perfil de ID de Skype. Moodle version 2.7 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/34169 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683 http://openwall.com/lists/oss-security/2014/07/21/1 http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss http://osvdb.org/show/osvdb/109337 http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html http://www.exploit-db.com/exploits/34169 http://www.securityfocus.com/bid/68756 https://github.com/moodle • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0

CVE-2010-4207

https://notcve.org/view.php?id=CVE-2010-4207

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.4.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con charts/assets/charts.swf. • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://moodle.org/mod/forum/discuss.php?d=160910 http://secunia.com/advisories/41955 http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8 http://www& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 9EXPL: 0

CVE-2010-4208

https://notcve.org/view.php?id=CVE-2010-4208

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en la infraestructura del componente de Flash en YUI v2.5.0 hasta v2.8.1, tal como se emplea en Bugzilla, Moodle y otros productos, permite a atacantes remotos inyectar secuencias de comandos web o HTML mediante vectores relacionados con uploader/assets/uploader.swf • http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050813.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050820.html http://lists.fedoraproject.org/pipermail/package-announce/2010-November/050830.html http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html http://moodle.org/mod/forum/discuss.php?d=160910 http://secunia.com/advisories/41955 http://secunia.com/advisories/42271 http://www.bugzilla.org/security/3.2.8 http://www& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

1...29 30 31