CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2366
https://notcve.org/view.php?id=CVE-2012-2366
mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. mod/data/preset.php en Moodle v2.1.x anterior a v2.1.6 y v2.2.x anteriores a v2.2.3 no repite de forma adecuada el paso de una matriz, lo que permite a usuarios remotos autenticados a sobrescribir valores de la actividad en la base de datos a través de vectores no especificados. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31763 http://openwall.com/lists/oss-security/2012/05/23/2 •
CVSS: 4.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2356
https://notcve.org/view.php?id=CVE-2012-2356
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. La funcionalidad question-bank en Moodle v2.1.x anteriores a v2.1.6 y v2.2.x anteriores a v2.2.3 permite usuarios remotos autenticados evitar los requisitos de capacidades establecidos y guardar preguntas a través de una acción save_question. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239 http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 9EXPL: 0CVE-2012-2357
https://notcve.org/view.php?id=CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. La característica Multi-Authentication en la función Central Authentication Service (CAS) en Moodle v2.1.x anterior a v2.1.6 y v2.2.x anteiores a v2.2.3 no utiliza HTTPS, lo que permite a atacantes remotos obtener credenciales espiando el tráfico de la red. • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=895e76ea51c462c18ad66e0761ad76cd26a63ecf http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 35EXPL: 0CVE-2012-2367
https://notcve.org/view.php?id=CVE-2012-2367
Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. Moodle v1.9.x anteriores a v1.9.18, 2.0.x anteriores a v2.0.9, v2.1.x anteriores a v2.1.6, y v2.2.x anteriores a v2.2.3 permite a usuarios remotos autenticados a evitar los requisitos moodle/calendar:manageownentries y añadir una entrada a calendario a través de una acción nueva entrada. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-18335 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82074 http://www.securityfocus.com/bid/53626 https://moodle.org/mod/forum/discuss.php?d=203057 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 18EXPL: 0CVE-2012-2364
https://notcve.org/view.php?id=CVE-2012-2364
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en lib/filelib.php en Moodle v2.0.x antgeriores a v2.0.9, v2.1.x anteriores v2.1.6, y v2.2.x anteriores a v2.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un asignación de presentación con compresión ZIP, que conduce a un dibujo de un fichero text/html durante una acción "download all". • http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=ce4126c7a9e07dd0514f7ac297b5e60cad0b8d20 http://openwall.com/lists/oss-security/2012/05/23/2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •