Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2014-7847

  • EPSS 0.73%
  • Published 24.11.2014 11:59:12
  • Last modified 12.04.2025 10:46:40

iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitu...

4

CVE-2014-7846

  • EPSS 0.24%
  • Published 24.11.2014 11:59:11
  • Last modified 12.04.2025 10:46:40

tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access ...

7.5

CVE-2014-7845

  • EPSS 0.71%
  • Published 24.11.2014 11:59:10
  • Last modified 12.04.2025 10:46:40

The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-f...

6.8

CVE-2014-7838

  • EPSS 0.17%
  • Published 24.11.2014 11:59:08
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for request...

5.5

CVE-2014-7837

  • EPSS 0.61%
  • Published 24.11.2014 11:59:07
  • Last modified 12.04.2025 10:46:40

mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a different subwiki.

6.8

CVE-2014-7836

  • EPSS 0.17%
  • Published 24.11.2014 11:59:06
  • Last modified 12.04.2025 10:46:40

Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication of arbitrary users for a (1) mod...

2.1

CVE-2014-7835

  • EPSS 0.18%
  • Published 24.11.2014 11:59:05
  • Last modified 12.04.2025 10:46:40

webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross...

4

CVE-2014-7834

  • EPSS 0.19%
  • Published 24.11.2014 11:59:04
  • Last modified 12.04.2025 10:46:40

mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.

4

CVE-2014-7833

  • EPSS 0.27%
  • Published 24.11.2014 11:59:03
  • Last modified 12.04.2025 10:46:40

mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authenticated users to obtain sensitive information by access...

4

CVE-2014-7832

  • EPSS 0.24%
  • Published 24.11.2014 11:59:02
  • Last modified 12.04.2025 10:46:40

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to by...