CVE-2009-0502
- EPSS 0.48%
- Published 10.02.2009 02:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via a...
CVE-2008-5432
- EPSS 0.65%
- Published 11.12.2008 15:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
CVE-2008-5153
- EPSS 0.03%
- Published 18.11.2008 16:00:01
- Last modified 09.04.2025 00:30:58
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
- EPSS 0.4%
- Published 25.07.2008 16:41:00
- Last modified 09.04.2025 00:30:58
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
CVE-2008-3326
- EPSS 0.55%
- Published 25.07.2008 16:41:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
CVE-2008-3327
- EPSS 0.32%
- Published 25.07.2008 16:41:00
- Last modified 09.04.2025 00:30:58
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an error message.
CVE-2008-1502
- EPSS 1.09%
- Published 25.03.2008 19:44:00
- Last modified 09.04.2025 00:30:58
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks...
CVE-2008-0123
- EPSS 0.96%
- Published 12.01.2008 01:46:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the insta...
CVE-2007-3555
- EPSS 5.01%
- Published 04.07.2007 15:30:00
- Last modified 09.04.2025 00:30:58
Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
CVE-2007-1647
- EPSS 5.09%
- Published 24.03.2007 00:19:00
- Last modified 09.04.2025 00:30:58
Moodle 1.5.2 and earlier stores sensitive information under the web root with insufficient access control, and provides directory listings, which allows remote attackers to obtain user names, password hashes, and other sensitive information via a dir...