| 294601 | - | moodle | moodle | comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and o… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-4297 | 2024-11-21 10:32 | 2012-07-16 |
| 294602 | - | moodle | moodle | lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 assigns incorrect capabilities to the course-creator role, which allows remote authenticated users to modify course filters by le… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-4296 | 2024-11-21 10:32 | 2012-07-16 |
| 294603 | - | moodle | moodle | The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated use… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-4295 | 2024-11-21 10:32 | 2012-07-16 |
| 294604 | - | moodle | moodle | The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle … | CWE-20 Improper Input Validation | CVE-2011-4294 | 2024-11-21 10:32 | 2012-07-16 |
| 294605 | - | moodle | moodle | The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-4293 | 2024-11-21 10:32 | 2012-07-16 |
| 294606 | - | moodle | moodle | Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations. | CWE-89 SQL Injection | CVE-2011-4292 | 2024-11-21 10:32 | 2012-07-16 |
| 294607 | - | moodle | moodle | Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations. | NVD-CWE-noinfo | CVE-2011-4291 | 2024-11-21 10:32 | 2012-07-16 |
| 294608 | - | moodle | moodle | Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding. | CWE-79 Cross-site Scripting | CVE-2011-4290 | 2024-11-21 10:32 | 2012-07-16 |
| 294609 | - | moodle | moodle | Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-4289 | 2024-11-21 10:32 | 2012-07-16 |
| 294610 | - | moodle | moodle | Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary stude… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-4288 | 2024-11-21 10:32 | 2012-07-16 |