|
293271
|
- |
|
moodle
|
moodle
|
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.
|
CWE-20
Improper Input Validation
|
CVE-2012-0801
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293272
|
- |
|
moodle
|
moodle
|
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the …
|
CWE-200
Information Exposure
|
CVE-2012-0800
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293273
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.
|
CWE-200
Information Exposure
|
CVE-2012-0799
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293274
|
- |
|
moodle
|
moodle
|
The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0798
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293275
|
- |
|
moodle
|
moodle
|
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a…
|
CWE-16
Configuration
|
CVE-2012-0797
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293276
|
- |
|
moodle
|
moodle
|
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated use…
|
CWE-94
Code Injection
|
CVE-2012-0796
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293277
|
- |
|
moodle
|
moodle
|
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified im…
|
CWE-20
Improper Input Validation
|
CVE-2012-0795
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293278
|
- |
|
moodle
|
moodle
|
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easi…
|
CWE-255
Credentials Management
|
CVE-2012-0794
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293279
|
- |
|
moodle
|
moodle
|
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0793
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293280
|
- |
|
moodle
|
moodle
|
mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.
|
CWE-200
Information Exposure
|
CVE-2012-0792
|
2024-11-21 10:35 |
2012-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
