|
274001
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5342
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274002
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access re…
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2015-5341
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274003
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sen…
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2015-5340
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274004
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-base…
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2015-5339
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274005
|
8.8 |
HIGH
Network
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hij…
|
CWE-352
Origin Validation Error
|
CVE-2015-5338
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274006
|
6.1 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site s…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5337
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274007
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to …
|
CWE-79
Cross-site Scripting
|
CVE-2015-5336
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274008
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to…
|
CWE-352
CWE-200
Origin Validation Error
Information Exposure
|
CVE-2015-5335
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274009
|
6.8 |
MEDIUM
Network
|
moodle
|
moodle
|
Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autos…
|
CWE-399
Resource Management Errors
|
CVE-2015-5332
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274010
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct …
|
CWE-254
7PK - Security Features
|
CVE-2015-5331
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
