|
297481
|
- |
|
moodle
|
moodle
|
Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for ims…
|
CWE-200
Information Exposure
|
CVE-2011-4283
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297482
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4282
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297483
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 2.0.x before 2.0.2 allow remote attackers to hijack the authentication of arbitrary users for requests that mark the completion of…
|
CWE-352
Origin Validation Error
|
CVE-2011-4281
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297484
|
- |
|
moodle
nimish_pachapurkar
|
moodle
spike_phpcoverage
|
Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2011-4280
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297485
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via…
|
CWE-200
Information Exposure
|
CVE-2011-4279
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297486
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2011-4278
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297487
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4309
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297488
|
- |
|
moodle
|
moodle
|
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4308
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297489
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the sectio…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4307
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297490
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4306
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
