|
294421
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remo…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4591
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294422
|
- |
|
moodle
|
moodle
|
The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows re…
|
CWE-287
Improper Authentication
|
CVE-2011-4590
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294423
|
- |
|
moodle
|
moodle
|
backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allow…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4589
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294424
|
- |
|
moodle
|
moodle
|
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC requ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4588
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294425
|
- |
|
moodle
|
moodle
|
lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attac…
|
CWE-255
Credentials Management
|
CVE-2011-4587
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294426
|
- |
|
moodle
|
moodle
|
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP h…
|
NVD-CWE-Other
|
CVE-2011-4586
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294427
|
- |
|
moodle
|
moodle
|
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials b…
|
CWE-16
Configuration
|
CVE-2011-4585
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294428
|
- |
|
moodle
|
moodle
|
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4584
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294429
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated us…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4583
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294430
|
- |
|
moodle
|
moodle
|
Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirec…
|
CWE-20
Improper Input Validation
|
CVE-2011-4582
|
2024-11-21 10:32 |
2012-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
