CVSS: 4.8EPSS: 0%CPEs: 11EXPL: 0CVE-2012-3393
https://notcve.org/view.php?id=CVE-2012-3393
23 Jul 2012 — Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en repository/lib.php en Moodle v2.1.x anteriores a v2.1.7 y v2.2.x anteriores a v2.2.4, permite a atacantes remotos inyectar secuencias de comandos web o HTML renombrando un repositorio. • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 39EXPL: 0CVE-2012-3398
https://notcve.org/view.php?id=CVE-2012-3398
23 Jul 2012 — Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity that has many records. Vulnerabilidad de complejidad algorítmica en Moodle v1.9.x anteriores a v1.9.19, v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, y v2.2.x anteriores a v2.2.4 permite a atacantes remotos provocar una denegaci... • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32126 •
CVSS: 5.4EPSS: 0%CPEs: 22EXPL: 0CVE-2012-3397
https://notcve.org/view.php?id=CVE-2012-3397
23 Jul 2012 — lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 does not check for a group-membership requirement when determining whether an activity is unavailable or hidden, which allows remote authenticated users to bypass intended access restrictions by selecting an activity that is configured for a group of other users. lib/modinfolib.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteiores a v2.1.7, v2.2.x anteriores a v2.2.4, y v2.3.x anteriores a ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33466 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2012-3387
https://notcve.org/view.php?id=CVE-2012-3387
23 Jul 2012 — Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check. Moodle v2.3.x anteriores a v2.3.1 usa solo un control del lado del cliente utiliza sólo una comprobación del lado del cliente para saber si las referencias están permitidas en un archivo subido, lo que permite a usuarios remotos autenticados omitir las restricciones de al... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33948 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2012-3391
https://notcve.org/view.php?id=CVE-2012-3391
23 Jul 2012 — mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and reading the RSS feed for a forum. mod/forum/rsslib.php en Moodle v2.1.x anteriores a v2.1.7 y v2.2.x anteriores a v2.2.4 no implementan de forma adecuada el requisito para escribir un post, después de leer un foro Q&A, lo que permite a usuar... • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-32199 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 5EXPL: 0CVE-2012-3389
https://notcve.org/view.php?id=CVE-2012-3389
23 Jul 2012 — Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en mod/lti/typessettings.php en Moodle v2.2.x anteriores a v2.2.4 y v2.3.x anteriores a v2.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de los ... • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0CVE-2012-3395
https://notcve.org/view.php?id=CVE-2012-3395
23 Jul 2012 — SQL injection vulnerability in mod/feedback/complete.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to execute arbitrary SQL commands via crafted form data. Vulnerabilidad de inyección SQL en mod/feedback/complete.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, y v2.2.x anteriores a v2.2.4, permite a atacantes remotos ejecutar comandos SQL de su elección a través de un formulario de datos modificado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7&st=commit&s=MDL-27675 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 11EXPL: 0CVE-2012-3392
https://notcve.org/view.php?id=CVE-2012-3392
23 Jul 2012 — mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums. mod/forum/unsubscribeall.php en Moodle v2.1.x anteriores a v2.1.7 y v2.2.x anteriores a v2.2.4 no tiene en cuenta si un foro es opcional, lo que permite a usuarios remotos autenticados eludir los requisitos de suscripción foro, aprovech... • http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-31460 • CWE-16: Configuration •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 0CVE-2012-3394
https://notcve.org/view.php?id=CVE-2012-3394
23 Jul 2012 — auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network. auth/ldap/ntlmsso_attempt.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, v2.2.x anteriores a v2.2.4, y v2.3.x anteriores a v2.3.1 redirecciona usuarios desde una dirección URL HTTPS de login LDAP, lo que permite atac... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2359
https://notcve.org/view.php?id=CVE-2012-2359
21 Jul 2012 — admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. admin/roles/override.php en Moodle v2.0.x anteriores a v2.0.9, v2.1.x anteiores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados obtener privilegios mediante la elevación de privilegios del rol de prof... • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=0f75e1e6272db0303abc8e27362e5c3a1344b82f • CWE-264: Permissions, Privileges, and Access Controls •