Page 54 of 365 results (0.008 seconds)

CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0

The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. El moodle_enrol_external:role_assign function in enrol/externallib.php en Moodle v2.0.x anterior a v2.0.4 y v2.1.x anterior a v2.1.1 no tiene una comprobación de autorización, permite a usuarios remotos autenticados obtener privilegios mediante una asignación de funciones. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=d20f655d59cd486fd9b3a26ad353af13daafd1d3 http://moodle.org/mod/forum/discuss.php?d=182738 http://openwall.com/lists/oss-security/2011/11/14/1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page. Moodle v2.0.x anterior a v2.0.3 no reconoce el valor de configuración que hace que direcciones de correo electrónico sólo visible para los miembros del curso, lo que permite a usuarios remotos autenticados obtener la información de dirección sensible a la lectura de una página de perfil completo. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=181991e791a13a3c383234718c26c499e31d3df1 http://moodle.org/mod/forum/discuss.php?d=175591 http://openwall.com/lists/oss-security/2011/11/14/1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0

lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by leveraging this role. lib/db/access.php en Moodle v2.0.x anterior a v2.0.4 y v2.1.x anterior a v2.1.1 asigna funciones incorrectas para el rol course-creator, permite a usuarios remotos autenticados para modificar los filtros del curso mediante el aprovechamiento de este papel. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=88d823c1f491a3c74f67bbf74306a8d1109dee02 http://moodle.org/mod/forum/discuss.php?d=182739 http://openwall.com/lists/oss-security/2011/11/14/1 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0

Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations. Moodle v2.0.x antes de v2.0.3 permite a usuarios autenticados remotamente provocar una denegación de servicio (registros de base de datos no válidos) a través de una serie de operaciones de los comentarios manipuladas. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=acb4688d29a7cc028803ee3d81edc7f1b6515c64 http://moodle.org/mod/forum/discuss.php?d=175594 http://openwall.com/lists/oss-security/2011/11/14/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page. Moodle v2.0.x anterior a v2.0.2 permite a ataacntes remotos obtener información desde un "mi perfil" (también conocido como "My profile")bloque, visitando una página clase. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=0ab727fb35e5ae1d8316d96c6752ee9ebec4c185 http://moodle.org/mod/forum/discuss.php?d=170010 http://openwall.com/lists/oss-security/2011/11/14/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •