Page 56 of 503 results (0.003 seconds)

CVSS: 6.0EPSS: 0%CPEs: 35EXPL: 0

Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to execute arbitrary code via a calculated question in a quiz. Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 permite a usuarios remotos autenticados ejecutar código arbitrario a través de una pregunta calculada en un cuestionario. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148 http://openwall.com/lists/oss-security/2014/07/21/1 https://moodle.org/mod/forum/discuss.php?d=264266 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 3.5EPSS: 0%CPEs: 35EXPL: 4

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field. Vulnerabilidad de XSS en user/profile.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.11, 2.5.x anterior a 2.5.7, 2.6.x anterior a 2.6.4 y 2.7.x anterior a 2.7.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través del campo del perfil de ID de Skype. Moodle version 2.7 suffers from a persistent cross site scripting vulnerability. • https://www.exploit-db.com/exploits/34169 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683 http://openwall.com/lists/oss-security/2014/07/21/1 http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss http://osvdb.org/show/osvdb/109337 http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html http://www.exploit-db.com/exploits/34169 http://www.securityfocus.com/bid/68756 https://github.com/moodle • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 64EXPL: 0

Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en el repositorio de URL de descarga en repository/url/lib.php en Moodle hasta 2.3.11, 2.4.x hasta 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332 http://openwall.com/lists/oss-security/2014/05/19/1 http://www.securityfocus.com/bid/67479 https://moodle.org/mod/forum/discuss.php?d=260366 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 64EXPL: 0

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests. Múltiples vulnerabilidades de CSRF en mod/assign/locallib.php en el subsistema Assignment en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 permiten a atacantes remotos secuestrar la autenticación de profesores para solicitudes de calificación rápida. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606 http://openwall.com/lists/oss-security/2014/05/19/1 https://moodle.org/mod/forum/discuss.php?d=260361 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.0EPSS: 0%CPEs: 64EXPL: 0

The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly restrict file access, which allows remote attackers to obtain sensitive information by visiting an HTML block. La implementación My Home en la función block_html_pluginfile en blocks/html/lib.php en Moodle hasta 2.3.11, 2.4.x anterior a 2.4.10, 2.5.x anterior a 2.5.6 y 2.6.x anterior a 2.6.3 no restringe debidamente acceso a archivos, lo que permite a atacantes remotos obtener información sensible mediante la visita a un bloque HTML. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877 http://openwall.com/lists/oss-security/2014/05/19/1 https://moodle.org/mod/forum/discuss.php?d=260364 • CWE-264: Permissions, Privileges, and Access Controls •