Page 37 of 234 results (0.013 seconds)

CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0

Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. Moodle v1.9.x anteriores a v1.9.18, 2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos moodle/calendar:manageownentries y añadir una entrada a calendario a través de una acción nueva entrada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82074 http://www.securityfocus.com/bid/53626 https://moodle.org/mod/forum/discuss.php?d=203057 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 2.6EPSS: 0%CPEs: 17EXPL: 0

Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en blog/lib.php en la implementación del blog en Moodle v1.9.x anteriores a v1.9.18 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un parámetro manipuolado sobre blog/index.php. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=038131c8b5614f18c14d964dc53b6960ae6c30d8 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82069 https://moodle.org/mod/forum/discuss.php?d=203052 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 17EXPL: 0

SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. Vulnerabilidad de inyección SQL en calendar/event.php en la implementación en Moodle v1.9.x anteriores a v1.9.18, permite a atacantes remotos ejecutar comandos SQL de su elección a través de eventos del calendario manipulados. • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_19_STABLE&st=commit&s=MDL-31746 http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.0EPSS: 0%CPEs: 23EXPL: 0

Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface. Moodle v1.9.x antes de v1.9.15, v2.0.x antes de v2.0.6 y v2.1.x antes de v2.1.3 no controla correctamente los mensajes de grupo user/action_redir, lo que permite descubrir direcciones de correo electrónico a usuarios remotos autenticados visitando la interfaz de mensajería. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=e94113a859015a4a80b9397957b8fc4044e2951f http://moodle.org/mod/forum/discuss.php?d=191762 https://bugzilla.redhat.com/show_bug.cgi?id=761248 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. Moodle v1.9.x antes de v1.9.11 y v2.0.x antes de v2.0.2 coloca un archivo de inscripción de empresa IMS en el área de archivos del curso, lo que permite a atacantes remotos obtener información sensible a través de una solicitud imsenterprise-enrol.xml. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=6fde0dac702b3d0954bd1c34d427944e9cd89ae6 http://moodle.org/mod/forum/discuss.php?d=170009 http://openwall.com/lists/oss-security/2011/11/14/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •