Page 60 of 459 results (0.005 seconds)

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout. Dropbox Repository File Picker en Moodle v2.1.x antes de v2.1.9, v2.2.x antes de v2.2.6, y v2.3.x antes de v2.3.3 permite a usuarios remotos autenticados acceder al Dropbox de un usuario diferente al aprovechar una estación de trabajo sin supervisión después de un cierre de sesión. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872 http://openwall.com/lists/oss-security/2012/11/19/1 http://www.securityfocus.com/bid/56505 https://moodle.org/mod/forum/discuss.php?d=216155 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.4EPSS: 0%CPEs: 18EXPL: 0

The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote attackers to bypass intended restrictions on reading other participants' entries via an advanced search. El módulo Database activity en Moodle v2.1.x antes de v2.1.9, v2.2.x antes de v2.2.6, y v2.3.x antes de v2.3.3, permite a los atacantes remotos evitar las restricciones previstas en la lectura de las entradas de otros participantes a través de una búsqueda avanzada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35558 http://openwall.com/lists/oss-security/2012/11/19/1 http://www.securityfocus.com/bid/56505 https://moodle.org/mod/forum/discuss.php?d=216160 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0

Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page. Moodle v2.3.x antes de v2.3.3 permite a usuarios remotos autenticados evitar el requisito moodle/role:manage capability y leer todos los datos de capacidad visitando la página Check Permissions. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-35381 http://openwall.com/lists/oss-security/2012/11/19/1 http://www.securityfocus.com/bid/56505 https://moodle.org/mod/forum/discuss.php?d=216161 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to upload and execute files via a modified Portfolio API callback. El complemento Portfolio en Moodle v2.1.x antes de v2.1.9, v2.2.x antes de v2.2.6, y v2.3.x antes de v2.3.3 permite a usuarios remotos autenticados cargar y ejecutar archivos a través de una devolución de llamada modificada a la API Portfolio. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-33791 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36346 http://openwall.com/lists/oss-security/2012/11/19/1 http://www.securityfocus.com/bid/56505 https://moodle.org/mod/forum/discuss.php?d=216159 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 0

lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field. lib / formslib.php en Moodle v2.2.x antes de v2.2.6 y v2.3.x antes de v2.3.3 permite a usuarios remotos autenticados eludir restricciones de acceso previstas a través de un valor modificado de un campo de formulario congelado. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785 http://openwall.com/lists/oss-security/2012/11/19/1 http://www.securityfocus.com/bid/56505 https://moodle.org/mod/forum/discuss.php?d=216156 • CWE-264: Permissions, Privileges, and Access Controls •