CVSS: 5.0EPSS: 0%CPEs: 101EXPL: 0CVE-2013-1831
https://notcve.org/view.php?id=CVE-2013-1831
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. lib/setuplib.php en Moodle hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a atacantes remotos obtener información a través de una petición inválida, lo que revela la ruta absoluta en el mensaje de excepción. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225342 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 55EXPL: 0CVE-2013-1834
https://notcve.org/view.php?id=CVE-2013-1834
notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. notes/edit.php de Moodle v1.9.x hasta v1.9.19, v2.x hasta v2.1.10, v2.2.x hasta v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios remotamente autenticados asignar notas a través de modificaciones en (1) el campo userid ó (2) en el campo courseid. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37411 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225346 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 103EXPL: 0CVE-2013-1830
https://notcve.org/view.php?id=CVE-2013-1830
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. user/view.php en Moodle hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a 2.4.2 no aplica el ajuste forceloginforprofiles, que permite a atacantes remotos obtener información del perfil del curso aprovechando el rol de invitado, como lo demuestra una búsqueda en Google. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225341 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 40EXPL: 0CVE-2012-6098
https://notcve.org/view.php?id=CVE-2012-6098
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. grade/edit/outcome/edit_form.php en Moodle v1.9.x a la v1.9.19, 2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 no maneja adecuadamente los requisitos "moodle/grade:manage capability", lo que permite a usuarios remotos autentificados convertir los resultados personalizados en el estándar de todo el sitio mediante el aprovechamiento de los resultados del rol de profesor y utilizando la funcionalidad de reeditar. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220158 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 39EXPL: 0CVE-2012-3398
https://notcve.org/view.php?id=CVE-2012-3398
Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. Vulnerabilidad de complejidad algorítmica en Moodle v1.9.x anteriores a v1.9.19, v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, y v2.2.x anteriores a v2.2.4 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el uso de la búsqueda avanzada en una base de datos que tenga muchos registros. • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76964 •