CVSS: 6.8EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0126
https://notcve.org/view.php?id=CVE-2014-0126
Cross-site request forgery (CSRF) vulnerability in enrol/imsenterprise/importnow.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that import an IMS Enterprise file. Vulnerabilidad de CSRF en enrol/imsenterprise/importnow.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 permite a atacantes remotos secuestrar la autenticación de administradores para solicitudes que importan un archivo IMS Enterprise. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256423 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.0EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0124
https://notcve.org/view.php?id=CVE-2014-0124
The identity-reporting implementations in mod/forum/renderer.php and mod/quiz/override_form.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 do not properly restrict the display of e-mail addresses, which allows remote authenticated users to obtain sensitive information by using the (1) Forum or (2) Quiz module. Las implementaciones de informes de identidad en mod/forum/renderer.php y mod/quiz/override_form.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no restringen debidamente la visualización de direcciones de email, lo que permite a usuarios remotos autenticados obtener información sensible mediante el uso del módulo (1) Forum o (2) Quiz. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256421 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0129
https://notcve.org/view.php?id=CVE-2014-0129
badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before 2.6.2 does not properly track the user to whom a badge was issued, which allows remote authenticated users to modify the visibility of an arbitrary badge via unspecified vectors. badges/mybadges.php en Moodle 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no rastrea debidamente el usuario a quien un badge fue entregado, lo que permite a usuarios remotos autenticados modificar la visibilidad de un badge arbitrario a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256424 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0127
https://notcve.org/view.php?id=CVE-2014-0127
The time-validation implementation in (1) mod/feedback/complete.php and (2) mod/feedback/complete_guest.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to bypass intended restrictions on starting a Feedback activity by choosing an unavailable time. La implementación time-validation en (1) mod/feedback/complete.php y (2) mod/feedback/complete_guest.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 permite a usuarios remotos autenticados evadir restricciones sobre iniciar una actividad Feedback mediante la selección de un tiempo no disponible. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256417 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.9EPSS: 0%CPEs: 61EXPL: 0CVE-2014-0123
https://notcve.org/view.php?id=CVE-2014-0123
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated users to perform wiki operations by leveraging the student role and using the Recent Activity block to reach the individual wiki of an arbitrary student. El subsistema wiki en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.9, 2.5.x anterior a 2.5.5 y 2.6.x anterior a 2.6.2 no restringe debidamente acceso (1) visualizar y (2) editar, lo que permite a usuarios remotos autenticados realizar operaciones wiki mediante el aprovechamiento del rol de estudiante y el uso de bloque "Recent Activity" de actividad reciente para alcanzar el wiki individual de un estudiante arbitrario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990 http://openwall.com/lists/oss-security/2014/03/17/1 https://moodle.org/mod/forum/discuss.php?d=256419 • CWE-264: Permissions, Privileges, and Access Controls •