Page 43 of 245 results (0.010 seconds)

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that references a non-public file. lib/filelib.php en Moodle v2.1.x anterior a v2.1.8, v2.2.x anterior a v2.2.5, y v2.3.x anterior a v2.3.2, no valida adecuadamente el estado de la publicación de los archivos del blog, lo que permite a atacantes remotos obtener información sensible a través de la lectura de una entrada en el blog que referencia a un archivo que no es público. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34585 http://moodle.org/mod/forum/discuss.php?d=211557 http://openwall.com/lists/oss-security/2012/09/17/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 0

repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field. repository/repository_ajax.php en Moodle v2.2.x antes de v2.2.5 y v2.3.x antes de v2.3.2 permite a usuarios remotos autenticados eludir restricciones de tamaño de subida de ficheros a través de un valor de -1 en el campo MaxBytes. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-30792 http://moodle.org/mod/forum/discuss.php?d=211555 http://openwall.com/lists/oss-security/2012/09/17/1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0

auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote attackers to obtain sensitive information by sniffing the network. auth/ldap/ntlmsso_attempt.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, v2.2.x anteriores a v2.2.4, y v2.3.x anteriores a v2.3.1 redirecciona usuarios desde una dirección URL HTTPS de login LDAP, lo que permite atacantes remotos a obtener información sensible espiando la red. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9d8d2ee6192e8b7ebb6713bd6215e06f94e2a9f7 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76960 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 22EXPL: 0

Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en cohort/edit_form.php en Moodle v2.0.x anteriores a v2.0.10, v2.1.x anteriores a v2.1.7, v2.2.x anteriores a v2.2.4, y v2.3.x anteriores a v2.3.1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del campo idnumber. NOTA: esta vulnerabilidad existe debido a una mala implementación de la solución para CVE-2012-2365. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 does not properly interact with the caching feature, which might allow remote authenticated users to bypass an intended capability check via unspecified vectors that trigger caching of a user record. La función is_enrolled en lib/accesslib.php en Moodle v2.2.x anteriores a v2.2.4 y v2.3.x anteriores a v2.3.1 no interactúa de forma adecuada con la característica de cacheado, lo qe podría permitir a usuarios remotos autenticados evitar el control de capacidad a través de vectores que provocan un cacheado del registro de usuario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33916 http://openwall.com/lists/oss-security/2012/07/17/1 http://secunia.com/advisories/49890 http://www.securityfocus.com/bid/54481 https://exchange.xforce.ibmcloud.com/vulnerabilities/76955 • CWE-264: Permissions, Privileges, and Access Controls •