CVSS: 9.1EPSS: 0%CPEs: 15EXPL: 0CVE-2009-4302
https://notcve.org/view.php?id=CVE-2009-4302
16 Dec 2009 — login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. login/index_form.html en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 enlaza a una pagina inicial en un puerto HTTP incluso cuando la pagina es servida desde un puerto HTTPS, lo qu... • http://docs.moodle.org/en/Moodle_1.8.11_release_notes • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2009-4303
https://notcve.org/view.php?id=CVE-2009-4303
16 Dec 2009 — Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 almacena (1) los hashes de las contraseñas y (2) "secretos" sin especificar en ficheros de copias de seguridad, lo que permitiría a atacantes obtener información sensible. • http://docs.moodle.org/en/Moodle_1.8.11_release_notes • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2009-4299
https://notcve.org/view.php?id=CVE-2009-4299
16 Dec 2009 — mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. mod/glossary/showentry.php en el modulo Glossary en Moodle v1.8 anteriores a v1.8.11 y v1.9 anteriores a v1.9.7 no gestiona adecuadamente el acceso, lo que permite a atacantes leer entradas de "Glossary" sin autorizacion a traves de vectores desconocidos. • http://docs.moodle.org/en/Moodle_1.8.11_release_notes • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 2%CPEs: 27EXPL: 2CVE-2009-1171 – Moodle < 1.6.9/1.7.7/1.8.9/1.9.5 - File Disclosure
https://notcve.org/view.php?id=CVE-2009-1171
30 Mar 2009 — The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 before 1.8.9, and 1.9 before 1.9.5 allows user-assisted attackers to read arbitrary files via an input command in a "$$" sequence, which causes LaTeX to include the contents of the file. El filtro TeX en Moodle v1.6 anteriores a v1.6.9+, v1.7 anteriores a v1.7.7+, v1.8 anteriores a v1.8.9, y v1.9 anteriores a v1.9.5 permite a atacantes con la intervención del usuario leer ficheros de su elección mediante un comando "input" en secuencia con "... • https://www.exploit-db.com/exploits/8297 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 1CVE-2008-6124
https://notcve.org/view.php?id=CVE-2008-6124
13 Feb 2009 — SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL commands via a crafted selected attempt. Vulnerabilidad de inyección SQL en la función hotpot_delete_selected_attempts en report.php en el módulo the HotPot en Moodle v1.6 anteriores a 1.6.7, v1.7 anteriores a v1.7.5, v1.8 anteriores v1.8.6, y v1.9 anteriores a v1.9.... • http://cvs.moodle.org/moodle/mod/hotpot/report.php?r1=1.8.6.1&r2=1.8.6.2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2008-6125
https://notcve.org/view.php?id=CVE-2008-6125
13 Feb 2009 — Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. Vulnerabilidad no especificada en el interface de edición de usuario en Moodel v1.5.x, v1.6 anteriores a v1.6.6, y v1.7 anteriores a v1.7.3 que permite a los usuarios remotos autenticados obtener privilegios a través de vectores desconocidos. • http://moodle.org/mod/forum/discuss.php?d=87971 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 25EXPL: 0CVE-2009-0500
https://notcve.org/view.php?id=CVE-2009-0500
10 Feb 2009 — Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el archivo course/lib.php en Moodle v1.6 anteriores a la v1.6.9, v1.7 anteriores a v1.7.7, v1.8 anteriores a v1.8.8, y v1.... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2009-0502
https://notcve.org/view.php?id=CVE-2009-0502
10 Feb 2009 — Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en blocks/html/block_html.php en Snoopy v1.2.3, como la utilizada en ... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2009-0501
https://notcve.org/view.php?id=CVE-2009-0501
10 Feb 2009 — Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors. Vulnerabilidad no especificada en la característica de exportar el Calendario (Calendar) de Moodle v1.8 anterior a v1.8.8 y v1.9 anterior a v1.9.4; permite a atacantes obtener información sensible y provocar "ataques por fuerza bruta en las cuentas de los usuarios" a través de vectores... • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html •
CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0CVE-2009-0499
https://notcve.org/view.php?id=CVE-2009-0499
10 Feb 2009 — Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php. Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en el código del foro de Moodle v1.7 anterior a v1.7.7, v1.8 anterior a v1.8.8 y v1.9 anterior a v1.9.4; permite a atacantes remotos eliminar los mensajes del foro no autorizados a través de un enlace o etiqueta IMG... • http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15 • CWE-352: Cross-Site Request Forgery (CSRF) •