Moodle

Moodle

601 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2012-5481

  • EPSS 0.15%
  • Veröffentlicht 21.11.2012 12:55:03
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass the moodle/role:manage capability requirement and read all capability data by visiting the Check Permissions page.

6.5

CVE-2012-5471

  • EPSS 0.5%
  • Veröffentlicht 21.11.2012 12:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.

4

CVE-2012-5472

  • EPSS 0.23%
  • Veröffentlicht 21.11.2012 12:55:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 allows remote authenticated users to bypass intended access restrictions via a modified value of a frozen form field.

4

CVE-2012-4400

  • EPSS 0.15%
  • Veröffentlicht 19.09.2012 10:57:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended upload-size restrictions via a -1 value in the maxbytes field.

4

CVE-2012-4401

  • EPSS 0.15%
  • Veröffentlicht 19.09.2012 10:57:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote authenticated users to bypass intended capability restrictions and perform certain topic changes by leveraging course-editing capabilities.

4.9

CVE-2012-4402

  • EPSS 0.18%
  • Veröffentlicht 19.09.2012 10:57:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly restrict the use of web-service tokens, which allows remote authenticated users to run arbitrary external-service functions via a token inte...

5

CVE-2012-4403

  • EPSS 0.28%
  • Veröffentlicht 19.09.2012 10:57:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly construct error responses for the drag-and-drop script, which allows remote attackers to obtain the installation path by sending a request for a nonexistent resource and then reading ...

5

CVE-2012-4407

  • EPSS 0.28%
  • Veröffentlicht 19.09.2012 10:57:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 does not properly check the publication state of blog files, which allows remote attackers to obtain sensitive information by reading a blog entry that reference...

5.5

CVE-2012-4408

  • EPSS 0.17%
  • Veröffentlicht 19.09.2012 10:57:07
  • Zuletzt bearbeitet 11.04.2025 00:51:21

course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and 2.3.x before 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.

4

CVE-2012-3398

  • EPSS 0.62%
  • Veröffentlicht 23.07.2012 21:55:05
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, 2.0.x before 2.0.10, 2.1.x before 2.1.7, and 2.2.x before 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature ...