CVSS: 4.0EPSS: 0%CPEs: 20EXPL: 0CVE-2011-4308
https://notcve.org/view.php?id=CVE-2011-4308
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. mod/forum/user.php en Moodle v1.9.x antes de v1.9.14, v2.0.x antes de v2.0.5 y v2.1.x antes de v2.1.2 permite descubrir los nombres de otros usuarios a usuarios remotos autenticados a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git&a=search&s=MDL-28615 http://moodle.org/mod/forum/discuss.php?d=188322 http://www.debian.org/security/2012/dsa-2421 https://bugzilla.redhat.com/show_bug.cgi?id=747444 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0CVE-2012-0793
https://notcve.org/view.php?id=CVE-2012-0793
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. Moodle v1.9.x antes de v1.9.16, v2.0.x antes de v2.0.7, v2.1.x antes de v2.1.4, y v2.2.x antes de v2.2.1 permite a atacantes remotos ver las imágenes de perfil de las cuentas de usuario a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=90911c4ff98dc2078a3acef5ddf5a1a8f7e20ba5 http://moodle.org/mod/forum/discuss.php?d=194012 http://www.debian.org/security/2012/dsa-2421 https://bugzilla.redhat.com/show_bug.cgi?id=783532 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 14EXPL: 0CVE-2011-4585
https://notcve.org/view.php?id=CVE-2011-4585
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network. login/change_password.php en Moodle v1.9.x antes de v1.9.15 no utiliza HTTPS para el formulario de cambio de contraseña, incluso si la opción httpslogin está activada, lo que permite a atacantes remotos obtener credenciales espiando el tráfico de red. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=01dd64a8c8aa95f793accea371b2392e662663c5 http://moodle.org/mod/forum/discuss.php?d=191752 http://www.debian.org/security/2012/dsa-2421 https://bugzilla.redhat.com/show_bug.cgi?id=761248 • CWE-16: Configuration •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 1CVE-2011-4203
https://notcve.org/view.php?id=CVE-2011-4203
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. Vulnerabilidad de inyección en CRLF en ficheros calendar/set.php en el componente Calendar en Moodle v1.9.x anteriores a v1.9.15, v2.0.x anteriores a v2.0.6, v2.1.x anteriores a v2.1.3, y v2.2 permiten a atacantes remotos injectar cabeceras HTTP de su elección y realizar ataques de división de respuesta HTTP a través de vectores de ataque en los que participa la variable de url. • http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle http://tracker.moodle.org/browse/MDL-24808 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 53EXPL: 0CVE-2010-2229
https://notcve.org/view.php?id=CVE-2010-2229
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en blog/index.php en Moodle anteriores a v1.8.13 y v1.9.x anteriores a v1.9.9, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de parámetros no especificados. • http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10 http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21 http://docs.moodle.org/en/Moodle_1.8.13_release_notes http://docs.moodle.org/en/Moodle_1.9.9_release_notes http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html http://lists.fedoraproject.org/pipermail/package-announce/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •