CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2012-2367
https://notcve.org/view.php?id=CVE-2012-2367
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. Moodle v1.9.x anteriores a v1.9.18, 2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos moodle/calendar:manageownentries y añadir una entrada a calendario a través de una acción nueva entrada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82074 http://www.securityfocus.com/bid/53626 https://moodle.org/mod/forum/discuss.php?d=203057 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2354
https://notcve.org/view.php?id=CVE-2012-2354
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. Moodle v2.1.x anteriores a v2.1.6 y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos de la característica moodle/site:readallmessages y leer mensajes utilizando la característica "Recent conversations" con un parámetro modificado en la URL. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=48e03792ca8faa2d781f9ef74606f3b3f0d3baec http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2355
https://notcve.org/view.php?id=CVE-2012-2355
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. Moodle v2.1.x anteriores a v2.1.6 y v2.2.x anteiores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos question:use* y añadir preguntas a un cuestionario a través de la caractérística questions. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32240 http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2357
https://notcve.org/view.php?id=CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. La característica Multi-Authentication en la función Central Authentication Service (CAS) en Moodle v2.1.x anterior a v2.1.6 y v2.2.x anteiores a v2.2.3 no utiliza HTTPS, lo que permite a atacantes remotos obtener credenciales espiando el tráfico de la red. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=895e76ea51c462c18ad66e0761ad76cd26a63ecf http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2353
https://notcve.org/view.php?id=CVE-2012-2353
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. Moodle v2.1.x anteriores a v2.1.6 y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a obtener información sensible del usuario de campos ocultos mediante el aumento del rol de profesor y nevegando a "enrolled users" bajo la sección "User Settings". • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923 http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •