Page 32 of 379 results (0.005 seconds)

CVSS: 5.0EPSS: 0%CPEs: 64EXPL: 0

CVE-2014-0216

https://notcve.org/view.php?id=CVE-2014-0216

The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block. La implementación My Home en la función block_html_pluginfile en blocks/html/lib.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 no restringe debidamente acceso a archivos, lo que permite a atacantes remotos obtener información sensible mediante la visita a un bloque HTML. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877 http://openwall.com/lists/oss-security/2014/05/19/1 https://moodle.org/mod/forum/discuss.php?d=260364 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.8EPSS: 0%CPEs: 64EXPL: 0

CVE-2014-0214

https://notcve.org/view.php?id=CVE-2014-0214

login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack. login/token.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 crea un token de servicio web MoodleMobile con una vida infinita, lo que facilita a atacantes remotos secuestrar sesiones a través de un ataque de fuerza bruta. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119 http://openwall.com/lists/oss-security/2014/05/19/1 https://moodle.org/mod/forum/discuss.php?d=260362 • CWE-287: Improper Authentication •

CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0

CVE-2014-0218

https://notcve.org/view.php?id=CVE-2014-0218

Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el repositorio de URL de descarga en repository/url/lib.php en Moodle hasta 2.3.11, 2.4.x hasta 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332 http://openwall.com/lists/oss-security/2014/05/19/1 http://www.securityfocus.com/bid/67479 https://moodle.org/mod/forum/discuss.php?d=260366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

CVE-2014-0217

https://notcve.org/view.php?id=CVE-2014-0217

enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL. enrol/index.php en Moodle 2.6.x anterior a 2.6.3 no comprueba para la funcionalidad moodle/course:viewhiddencourses antes de listar cursos escondidos, lo que permite a atacantes remotos obtener información sensible de nombres y resúmenes sobre estos cursos mediante el aprovechamiento del rol de invitado y la visita a una URL manipulada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126 http://openwall.com/lists/oss-security/2014/05/19/1 https://moodle.org/mod/forum/discuss.php?d=260365 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.9EPSS: 0%CPEs: 61EXPL: 0

CVE-2014-0122

https://notcve.org/view.php?id=CVE-2014-0122

mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly check for the mod/chat:chat capability during chat sessions, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by remaining in a chat session after an intra-session capability removal by an administrator. mod/chat/chat_ajax.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no comprueba debidamente la funcionalidad mod/chat:chat durante sesiones de chat, lo que permite a usuarios remotos autenticados evadir restricciones de acceso en circunstancias oportunistas permaneciendo en una sesión de chat después de una eliminación de funcionalidad intrasesión por un administrador. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256418 • CWE-264: Permissions, Privileges, and Access Controls •