|
277751
|
- |
|
moodle
|
moodle
|
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7846
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277752
|
- |
|
moodle
|
moodle
|
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which all…
|
CWE-255
Credentials Management
|
CVE-2014-7845
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277753
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijac…
|
CWE-352
Origin Validation Error
|
CVE-2014-7838
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277754
|
- |
|
moodle
|
moodle
|
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7837
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277755
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack …
|
CWE-352
Origin Validation Error
|
CVE-2014-7836
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277756
|
- |
|
moodle
|
moodle
|
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files co…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7835
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277757
|
- |
|
moodle
|
moodle
|
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussion…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7834
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277758
|
- |
|
moodle
|
moodle
|
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authentica…
|
CWE-200
Information Exposure
|
CVE-2014-7833
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277759
|
- |
|
moodle
|
moodle
|
mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7832
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277760
|
- |
|
moodle
|
moodle
|
lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not consider the moodle/grade:viewhidden capability before displaying hidden grades, which allows remote authenticated users to obtai…
|
CWE-200
Information Exposure
|
CVE-2014-7831
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
