CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2013-2081
https://notcve.org/view.php?id=CVE-2013-2081
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data. Moodle hasta v2.1.10, v2.2.x hasta v2.2.10, v2.3.x hasta v2.3.7, y v2.4.x hasta v2.4.4 no considera los atributos "no enviar" el registro de centros, lo que permite a los centros remotos obtener información sensible del sitio mediante la lectura de los datos del formulario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html http://openwall.com/lists/oss-security/2013/05/21/1 https://moodle.org/mod/forum/discuss.php?d=228933 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 32EXPL: 0CVE-2013-2083
https://notcve.org/view.php?id=CVE-2013-2083
The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request. La clase MoodleQuickForm en lib/formslib.php en Moodle hasta v2.1.10, v2.2.x antes de v2.2.10, v2.3.x antes de v2.3.7, y v2.4.x antes de v2.4.4 no maneja adecuadamente una sintaxis de matrices de elementos determinados, lo que permite a atacantes remotos evitar filtrados form-data a través de una solicitud manipulada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html http://openwall.com/lists/oss-security/2013/05/21/1 https://moodle.org/mod/forum/discuss.php?d=228935 • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 32EXPL: 0CVE-2013-2082
https://notcve.org/view.php?id=CVE-2013-2082
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request. Moodle hasta v2.1.10, v2.2.x hasta v2.2.10, v2.3.x hasta v2.3.7, y v2.4.x hasta v2.4.4 no cumple los requisitos de capacidad para la lectura de los comentarios del blog, lo que permite a atacantes remotos obtener información sensible a través de una solicitud manipulada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html http://openwall.com/lists/oss-security/2013/05/21/1 https://moodle.org/mod/forum/discuss.php?d=228934 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1836
https://notcve.org/view.php?id=CVE-2013-1836
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access. Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 no gestionan correctamente los privilegios del repositorios WebDAV, lo que permite a usuarios autenticados remotamente leer, modificar, o eliminar cualquier repositorio aprovechando el acceso seguro de lectura. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37852 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225348 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 101EXPL: 0CVE-2013-1831
https://notcve.org/view.php?id=CVE-2013-1831
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. lib/setuplib.php en Moodle hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a atacantes remotos obtener información a través de una petición inválida, lo que revela la ruta absoluta en el mensaje de excepción. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225342 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •