CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2010-1616
https://notcve.org/view.php?id=CVE-2010-1616
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. Moodle v1.8.x y v1.9.x anterior a v1.9.8 puede crear nuevos roles al restaurar un curso, lo cual permite a los profesores crear nuevas cuentas, incluso si no tienen permisos moodle/user:create. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://moodle.org/security http://tracker.moodle.org/browse/MDL-16658 http://www.vupen.com/english/advisories/2010/1107 •
CVSS: 6.8EPSS: 0%CPEs: 18EXPL: 0CVE-2010-1613
https://notcve.org/view.php?id=CVE-2010-1613
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. Moodle v1.8.x y v1.9.x anterior a v1.9.8 no habilita el "Regenerate session id during login" (regenerar id de sesión al acceder) como configuración por defecto, lo cual facilita a los atacantes remotos realizar ataques de fijación de sesión. • http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://moodle.org/security http://www.vupen.com/english/advisories/2010/1107 • CWE-287: Improper Authentication •
CVSS: 4.0EPSS: 0%CPEs: 18EXPL: 0CVE-2010-1617
https://notcve.org/view.php?id=CVE-2010-1617
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. user/view.php en Moodle v1.8.x anterior a v1.8.12 y v1.9.x anterior a v1.9.8 no comprueba correctamente un rol, lo cual permite a usuarios remotos autenticados obtener los nombres completos de otros usuarios a través de la página del perfil del curso. • http://cvs.moodle.org/moodle/user/view.php?r1=1.168.2.28&r2=1.168.2.29 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html http://moodle.org/security http://www.vupen.com/english/advisories/2010/1107 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0CVE-2009-4298
https://notcve.org/view.php?id=CVE-2009-4298
The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. El modulo LAMS (mod/lams) para en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 almacena los campos (1) nombre de usuarios, (2) nombre, y (3) apellidos dentro de la tabla de usuario, lo que permite a los atacantes obtener la información de la cuenta de usuario a través de vectores desconocidos. • http://docs.moodle.org/en/Moodle_1.8.11_release_notes http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://moodle.org/mod/forum/discuss.php?d=139102 http://secunia.com/advisories/37614 http://www.securityfocus.com/bid/37244 http://www.vupen.com/english/advisories/2009/3455 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html https://www.redhat.com/ar • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.0EPSS: 0%CPEs: 15EXPL: 0CVE-2009-4301
https://notcve.org/view.php?id=CVE-2009-4301
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. mnet/lib.php en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7, cuando los servicios MNET están activados, no chequea adecuadamente los permisos, lo que permite a servidores remotos autenticados ejecutar funciones MNET arbitrarias. • http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.16.2.10&r2=1.16.2.11 http://cvs.moodle.org/moodle/mnet/lib.php?r1=1.9.2.7&r2=1.9.2.8 http://docs.moodle.org/en/Moodle_1.8.11_release_notes http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://moodle.org/mod/forum/discuss.php?d=139106 http://secunia.com/advisories/37614 http://www.securityfocus.com/bid/37244 http://www.vupen.com/english/advisories/2009/3455 https://www.redhat.c • CWE-264: Permissions, Privileges, and Access Controls •