Page 45 of 231 results (0.004 seconds)

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. El modulo LAMS (mod/lams) para en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 almacena los campos (1) nombre de usuarios, (2) nombre, y (3) apellidos dentro de la tabla de usuario, lo que permite a los atacantes obtener la información de la cuenta de usuario a través de vectores desconocidos. • http://docs.moodle.org/en/Moodle_1.8.11_release_notes http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://moodle.org/mod/forum/discuss.php?d=139102 http://secunia.com/advisories/37614 http://www.securityfocus.com/bid/37244 http://www.vupen.com/english/advisories/2009/3455 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html https://www.redhat.com/ar • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8EPSS: 0%CPEs: 15EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. Múltiples vulnerabilidades de falsificación de petición en sitios cruzados (CSRF) en en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 permite a atacantes remotos secuestrar la autenticación de victimas inespecíficas a través de vectores desconocidos. • http://docs.moodle.org/en/Moodle_1.8.11_release_notes http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://moodle.org/mod/forum/discuss.php?d=139100 http://secunia.com/advisories/37614 http://www.securityfocus.com/bid/37244 http://www.vupen.com/english/advisories/2009/3455 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html https://www.redhat.com/ar • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. Múltiples plugins de autenticación sin especificar en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 almacenan los hash MD5 para las contraseñas en la tabla de usuario, incluso cuando los hashes que se cachean no son utilizados por el plugin, lo que haría mas fácil a atacantes obtener credenciales a través de vectores sin especificar. • http://docs.moodle.org/en/Moodle_1.8.11_release_notes http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://moodle.org/mod/forum/discuss.php?d=139105 http://secunia.com/advisories/37614 http://www.securityfocus.com/bid/37244 http://www.vupen.com/english/advisories/2009/3455 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html https://www.redhat.com/ar • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0

SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." Vulnerabilidad de inyección en el módulo SCORM en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a la v1.9.7 permite a usuarios remotos autenticados ejecutar comandos SQL arbitrarios a través de de vectores relacionados con un "asunto de escapado cuando se procesa un fichero AICC CRS (Course_Title)." • http://docs.moodle.org/en/Moodle_1.8.11_release_notes http://docs.moodle.org/en/Moodle_1.9.7_release_notes http://moodle.org/mod/forum/discuss.php?d=139120 http://secunia.com/advisories/37614 http://www.securityfocus.com/bid/37244 http://www.vupen.com/english/advisories/2009/3455 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html https://www.redhat.com/ar • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 2%CPEs: 27EXPL: 2

The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. El filtro TeX en Moodle v1.6 anteriores a v1.6.9+, v1.7 anteriores a v1.7.7+, v1.8 anteriores a v1.8.9, y v1.9 anteriores a v1.9.5 permite a atacantes con la intervención del usuario leer ficheros de su elección mediante un comando "input" en secuencia con "$$", provocando que LaTeX incluya el contenido del fichero. • https://www.exploit-db.com/exploits/8297 http://cvs.moodle.org/moodle/filter/tex/filter.php?r1=1.18.4.4&r2=1.18.4.5 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/34517 http://secunia.com/advisories/34557 http://secunia.com/advisories/34600 http://secunia.com/advisories/35570 http://tracker.moodle.org/browse/MDL-18552 http://www.debian.org/security/2009/dsa-1761 http://www.securityfocus.com/archive/1/5 • CWE-20: Improper Input Validation •