CVSS: 4.0EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3397
https://notcve.org/view.php?id=CVE-2012-3397
lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. lib/modinfolib.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteiores a v2.1.7, v2.2.x anteriores a v2.2.4, y v2.3.x anteriores a v2.3.1 no comprueban los requisitos para un grupo de miembros cuando una actividad no está disponible u oculta, lo que permite a usuarios remotos autenticados evitar las restricciones de acceso especificadas seleccionando una actividad que está configurada para un grupo de otros usuarios. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76963 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 39EXPL: 0CVE-2012-3398
https://notcve.org/view.php?id=CVE-2012-3398
Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. Vulnerabilidad de complejidad algorítmica en Moodle v1.9.x anteriores a v1.9.19, v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, y v2.2.x anteriores a v2.2.4 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU) mediante el uso de la búsqueda avanzada en una base de datos que tenga muchos registros. • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76964 •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2012-2367
https://notcve.org/view.php?id=CVE-2012-2367
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. Moodle v1.9.x anteriores a v1.9.18, 2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos moodle/calendar:manageownentries y añadir una entrada a calendario a través de una acción nueva entrada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82074 http://www.securityfocus.com/bid/53626 https://moodle.org/mod/forum/discuss.php?d=203057 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2365
https://notcve.org/view.php?id=CVE-2012-2365
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en Moodle v2.0.x anteriores a v2.0.9, v2.1.x anteiores a v2.1.6, y 2.2.x anteriores a v2.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo idnumber sobre cohort/edit.php. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31691 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82072 https://moodle.org/mod/forum/discuss.php?d=203055 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2359
https://notcve.org/view.php?id=CVE-2012-2359
admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. admin/roles/override.php en Moodle v2.0.x anteriores a v2.0.9, v2.1.x anteiores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados obtener privilegios mediante la elevación de privilegios del rol de profesor y modificando sus propias capacidades, como se demostró consiguiendo la capacidad backup:userinfo. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=0f75e1e6272db0303abc8e27362e5c3a1344b82f http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-264: Permissions, Privileges, and Access Controls •