CVSS: 4.3EPSS: 0%CPEs: 32EXPL: 0CVE-2013-2081
https://notcve.org/view.php?id=CVE-2013-2081
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data. Moodle hasta v2.1.10, v2.2.x hasta v2.2.10, v2.3.x hasta v2.3.7, y v2.4.x hasta v2.4.4 no considera los atributos "no enviar" el registro de centros, lo que permite a los centros remotos obtener información sensible del sitio mediante la lectura de los datos del formulario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822 http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html http://openwall.com/lists/oss-security/2013/05/21/1 https://moodle.org/mod/forum/discuss.php?d=228933 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1835
https://notcve.org/view.php?id=CVE-2013-1835
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature. Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios administradores autenticados remotamente obtener información de repositorios externos de cualquier usuario aprovechando la característica login_as. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36426 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225347 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1833
https://notcve.org/view.php?id=CVE-2013-1833
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en el modulo File Picker de Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios autenticados de forma remota inyectar código script web de su elección o HTML a través de un nombre de fichero manipulado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225344 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 36EXPL: 0CVE-2013-1832
https://notcve.org/view.php?id=CVE-2013-1832
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance. repository/webdav/lib.php en Moodle v2.x hasta v2.1.10, v2.2.x anterior a v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 incluye la contraseña en el formulario de configuración, que permite a los administradores remotos autenticados obtener información confidencial mediante la configuración de una instancia. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225343 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 55EXPL: 0CVE-2013-1834
https://notcve.org/view.php?id=CVE-2013-1834
notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. notes/edit.php de Moodle v1.9.x hasta v1.9.19, v2.x hasta v2.1.10, v2.2.x hasta v2.2.8, v2.3.x anterior a v2.3.5, y v2.4.x anterior a v2.4.2 permite a usuarios remotamente autenticados asignar notas a través de modificaciones en (1) el campo userid ó (2) en el campo courseid. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37411 http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html http://openwall.com/lists/oss-security/2013/03/25/2 https://moodle.org/mod/forum/discuss.php?d=225346 • CWE-264: Permissions, Privileges, and Access Controls •