Search Results
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-2367 | Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. Published: July 20, 2012; 11:38:56 PM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-2363 | SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. Published: July 20, 2012; 11:38:56 PM -0400 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2012-2362 | Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php. Published: July 20, 2012; 11:38:56 PM -0400 | V3.x:(not available) V2.0: 2.6 LOW |
CVE-2011-4593 | Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface. Published: July 20, 2012; 6:40:36 AM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2011-4588 | The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request. Published: July 20, 2012; 6:40:36 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4587 | lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible existence of user accounts that have unchangeable blank passwords. Published: July 20, 2012; 6:40:35 AM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2011-4586 | CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Published: July 20, 2012; 6:40:35 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4585 | login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network. Published: July 20, 2012; 6:40:35 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4584 | The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as demonstrated by a Mahara site. Published: July 20, 2012; 6:40:35 AM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-0796 | class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header. Published: July 17, 2012; 6:20:53 AM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2012-0795 | Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. Published: July 17, 2012; 6:20:53 AM -0400 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2012-0794 | The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. Published: July 17, 2012; 6:20:52 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-0793 | Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. Published: July 17, 2012; 6:20:52 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2012-0792 | mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts. Published: July 17, 2012; 6:20:52 AM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2011-4294 | The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle instance, which might allow attackers to trick users into visiting arbitrary web sites via unspecified vectors. Published: July 16, 2012; 6:28:37 AM -0400 | V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2011-4290 | Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding. Published: July 16, 2012; 6:28:36 AM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-4288 | Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role. Published: July 16, 2012; 6:28:36 AM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2011-4286 | Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos. Published: July 16, 2012; 6:28:36 AM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-4283 | Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. Published: July 16, 2012; 6:28:36 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-4278 | Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: July 16, 2012; 6:28:36 AM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |