CVE-2012-6098
https://notcve.org/view.php?id=CVE-2012-6098
grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated users to convert custom outcomes into standard site-wide outcomes by leveraging the teacher role and using the re-editing feature. grade/edit/outcome/edit_form.php en Moodle v1.9.x a la v1.9.19, 2.1.x anterior a v2.1.10, v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 no maneja adecuadamente los requisitos "moodle/grade:manage capability", lo que permite a usuarios remotos autentificados convertir los resultados personalizados en el estándar de todo el sitio mediante el aprovechamiento de los resultados del rol de profesor y utilizando la funcionalidad de reeditar. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-27619 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220158 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-6104
https://notcve.org/view.php?id=CVE-2012-6104
blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 allows remote attackers to obtain sensitive information from site-level blogs by leveraging the guest role and reading an RSS feed. blog/rsslib.php en Moodle v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.1 y antes de v2.4.x , permite a atacantes remotos obtener información sensible de los blogs a nivel de sitio, aprovechando el papel de la huésped y de la lectura un feed RSS. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36620 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220165 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-6106
https://notcve.org/view.php?id=CVE-2012-6106
calendar/managesubscriptions.php in the Manage Subscriptions implementation in Moodle 2.4.x before 2.4.1 omits a capability check, which allows remote authenticated users to remove course-level calendar subscriptions by leveraging the student role and sending an iCalendar object. calendar/managesubscriptions.php en Manage Subscriptions implementation in Moodle 2.4.x antes de v2.4.1 omite una comprobacion de capacidad, que permite a usuarios remotos autenticados para eliminar a nivel de curso suscripciones a calendarios al aprovechar el papel del estudiante y el envío de un objeto iCalendar. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37106 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220167 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2012-6105
https://notcve.org/view.php?id=CVE-2012-6105
blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 continues to provide a blog RSS feed after blogging is disabled, which allows remote attackers to obtain sensitive information by reading this feed. blog/rsslib.php en Moodle v2.1.x antes de v2.1.10, v2.2.x antes de v2.2.7, v2.3.x antes de v2.3.4, v2.4.x antes de v2.4.1 que continúa proporcionando un canal de blog RSS después de blogging se desactive , que permite a atacantes remotos obtener información sensible mediante la lectura de este feed. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37467 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220166 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-6100
https://notcve.org/view.php?id=CVE-2012-6100
report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/user:viewhiddendetails capability requirement, which allows remote authenticated users to discover a hidden lastaccess value by reading an activity report. report/outline/index.php en Moodle v2.2.x anterior a v2.2.7, v2.3.x anterior a v2.3.4, y v2.4.x anterior a v2.4.1 o se aplican correctamente el requisito "moodle/user:viewhiddendetails capability", lo que permite a atacantes remotos autentificados descubrir un valor oculto "lastaccess" a través de la lectura del reporte de actividad. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33340 http://openwall.com/lists/oss-security/2013/01/21/1 https://moodle.org/mod/forum/discuss.php?d=220161 • CWE-264: Permissions, Privileges, and Access Controls •