Search Results (Refine Search)
- CPE Product Version: cpe:/a:moodle:moodle:2.4.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2013-1836 |
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access. Published: March 25, 2013; 5:55:04 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2013-1835 |
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated administrators to obtain sensitive information from the external repositories of arbitrary users by leveraging the login_as feature. Published: March 25, 2013; 5:55:04 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-1834 |
notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated users to reassign notes via a modified (1) userid or (2) courseid field. Published: March 25, 2013; 5:55:04 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-1833 |
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. Published: March 25, 2013; 5:55:04 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2013-1832 |
repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance. Published: March 25, 2013; 5:55:04 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-1831 |
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message. Published: March 25, 2013; 5:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1830 |
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search. Published: March 25, 2013; 5:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-1829 |
calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain potentially sensitive information by leveraging the student role. Published: March 25, 2013; 5:55:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |