|
277321
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site s…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5337
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277322
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to …
|
CWE-79
Cross-site Scripting
|
CVE-2015-5336
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277323
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to…
|
CWE-352
CWE-200
Origin Validation Error
Information Exposure
|
CVE-2015-5335
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277324
|
6.8 |
MEDIUM
Network
|
moodle
|
moodle
|
Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autos…
|
CWE-399
Resource Management Errors
|
CVE-2015-5332
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277325
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct …
|
CWE-254
7PK - Security Features
|
CVE-2015-5331
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277326
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5272
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277327
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5269
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277328
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to …
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2015-5268
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277329
|
7.5 |
HIGH
Network
|
moodle
|
moodle
|
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string…
|
CWE-200
CWE-254
Information Exposure
7PK - Security Features
|
CVE-2015-5267
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277330
|
6.8 |
MEDIUM
Network
|
moodle
|
moodle
|
The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5266
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
