Moodle

Moodle

601 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4

CVE-2012-0796

  • EPSS 0.2%
  • Published 17.07.2012 10:20:53
  • Last modified 11.04.2025 00:51:21

class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors i...

5.5

CVE-2012-0797

  • EPSS 0.14%
  • Published 17.07.2012 10:20:53
  • Last modified 11.04.2025 00:51:21

The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.

5.5

CVE-2012-0798

  • EPSS 0.19%
  • Published 17.07.2012 10:20:53
  • Last modified 11.04.2025 00:51:21

The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.

4.3

CVE-2012-0799

  • EPSS 0.28%
  • Published 17.07.2012 10:20:53
  • Last modified 11.04.2025 00:51:21

Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.

2.1

CVE-2012-0800

  • EPSS 0.07%
  • Published 17.07.2012 10:20:53
  • Last modified 11.04.2025 00:51:21

The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated b...

7.5

CVE-2012-0801

  • EPSS 0.4%
  • Published 17.07.2012 10:20:53
  • Last modified 11.04.2025 00:51:21

lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.

4

CVE-2012-0792

  • EPSS 0.23%
  • Published 17.07.2012 10:20:52
  • Last modified 11.04.2025 00:51:21

mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.

5

CVE-2012-0793

  • EPSS 0.46%
  • Published 17.07.2012 10:20:52
  • Last modified 11.04.2025 00:51:21

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.

5

CVE-2012-0794

  • EPSS 0.32%
  • Published 17.07.2012 10:20:52
  • Last modified 11.04.2025 00:51:21

The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic pro...

6.4

CVE-2011-4293

  • EPSS 0.2%
  • Published 16.07.2012 10:28:37
  • Last modified 11.04.2025 00:51:21

The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an opera...