CVSS: 4.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32240
• http://openwall.com/lists/oss-security/2012/05/23/2
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.5 | EPSS: 0% | CPEs: 9 | EXPL: 0

mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors.
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31763
• http://openwall.com/lists/oss-security/2012/05/23/2

CVSS: 4.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
• http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
• http://openwall.com/lists/oss-security/2012/05/23/2
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.
• http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=895e76ea51c462c18ad66e0761ad76cd26a63ecf
• http://openwall.com/lists/oss-security/2012/05/23/2
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 6.5 | EPSS: 0% | CPEs: 18 | EXPL: 0

admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability.
• http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=0f75e1e6272db0303abc8e27362e5c3a1344b82f
• http://openwall.com/lists/oss-security/2012/05/23/2
• CWE-264: Permissions, Privileges, and Access Controls