Filtered by vendor Moodle
Subscriptions
Total
622 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4584 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. | ||||
| CVE-2013-2242 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before authorizing daemon-mode chat, which allows remote authenticated users to bypass intended access restrictions via an HTTP session to a chat server. | ||||
| CVE-2013-4942 | 2 Moodle, Yahoo | 2 Moodle, Yui | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. | ||||
| CVE-2012-2357 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | ||||
| CVE-2012-2355 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | ||||
| CVE-2011-3757 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.0.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by webservice/xmlrpc/locallib.php and certain other files. | ||||
| CVE-2012-2354 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | ||||
| CVE-2012-2353 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. | ||||
| CVE-2012-3387 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.3.x before 2.3.1 uses only a client-side check for whether references are permitted in a file upload, which allows remote authenticated users to bypass intended alias (aka shortcut) restrictions via a client that omits this check. | ||||
| CVE-2011-4284 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page. | ||||
| CVE-2011-4203 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | ||||
| CVE-2011-4587 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. | ||||
| CVE-2013-2082 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request. | ||||
| CVE-2014-0010 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2025-04-11 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allow remote attackers to hijack the authentication of administrators for requests that delete (1) categories or (2) fields. | ||||
| CVE-2010-2229 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2012-0801 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | ||||
| CVE-2012-0797 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | ||||
| CVE-2012-0795 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | ||||
| CVE-2013-4341 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed. | ||||
| CVE-2012-0793 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | ||||