Total
524 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4208 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | |||||
CVE-2010-1615 | 1 Moodle | 1 Moodle | 2023-12-10 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. | |||||
CVE-2010-4207 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | |||||
CVE-2010-2228 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username. | |||||
CVE-2010-2231 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.8 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter. | |||||
CVE-2010-1616 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | N/A |
Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. | |||||
CVE-2010-1617 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.0 MEDIUM | N/A |
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. | |||||
CVE-2009-4302 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | N/A |
login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | |||||
CVE-2009-4303 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | N/A |
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. | |||||
CVE-2009-4301 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.0 MEDIUM | N/A |
mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | |||||
CVE-2009-0501 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors. | |||||
CVE-2009-0500 | 1 Moodle | 1 Moodle | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report. | |||||
CVE-2008-3325 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2023-12-10 | 6.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. | |||||
CVE-2008-1502 | 2 Egroupware, Moodle | 2 Egroupware, Moodle | 2023-12-10 | 4.3 MEDIUM | N/A |
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. | |||||
CVE-2008-3326 | 1 Moodle | 1 Moodle | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title). | |||||
CVE-2009-4304 | 1 Moodle | 1 Moodle | 2023-12-10 | 7.5 HIGH | N/A |
Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | |||||
CVE-2008-6125 | 2 Debian, Moodle | 2 Debian Linux, Moodle | 2023-12-10 | 6.5 MEDIUM | N/A |
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors. | |||||
CVE-2009-4300 | 1 Moodle | 1 Moodle | 2023-12-10 | 5.0 MEDIUM | N/A |
Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | |||||
CVE-2009-4305 | 1 Moodle | 1 Moodle | 2023-12-10 | 6.5 MEDIUM | N/A |
SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." | |||||
CVE-2009-0502 | 2 Moodle, Snoopy | 2 Moodle, Snoopy | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page. |