Moodle

601 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.28%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.

  • EPSS 0.28%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page.

  • EPSS 0.44%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

  • EPSS 0.3%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors inv...

  • EPSS 0.49%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

  • EPSS 0.2%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary students by leveraging the teacher role.

  • EPSS 0.2%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address information by reading a full profile page.

  • EPSS 0.3%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.

  • EPSS 0.46%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.

  • EPSS 0.57%
  • Published 16.07.2012 10:28:36
  • Last modified 11.04.2025 00:51:21

Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.