Moodle

601 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.16%
  • Published 20.07.2012 10:40:36
  • Last modified 11.04.2025 00:51:21

The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which...

  • EPSS 0.2%
  • Published 20.07.2012 10:40:36
  • Last modified 11.04.2025 00:51:21

Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.

  • EPSS 0.2%
  • Published 20.07.2012 10:40:35
  • Last modified 11.04.2025 00:51:21

mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 allows remote authenticated users to discover the username of a wiki creator by visiting the history and deletion user interface.

  • EPSS 0.16%
  • Published 20.07.2012 10:40:35
  • Last modified 11.04.2025 00:51:21

Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL.

  • EPSS 0.41%
  • Published 20.07.2012 10:40:35
  • Last modified 11.04.2025 00:51:21

Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these ...

  • EPSS 0.24%
  • Published 20.07.2012 10:40:35
  • Last modified 11.04.2025 00:51:21

The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET singl...

  • EPSS 0.39%
  • Published 20.07.2012 10:40:35
  • Last modified 11.04.2025 00:51:21

login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.

  • EPSS 0.38%
  • Published 20.07.2012 10:40:35
  • Last modified 11.04.2025 00:51:21

CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks ...

  • EPSS 0.67%
  • Published 20.07.2012 10:40:35
  • Last modified 11.04.2025 00:51:21

lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible ex...

  • EPSS 0.61%
  • Published 17.07.2012 10:20:53
  • Last modified 11.04.2025 00:51:21

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address.