|
299371
|
- |
|
moodle
|
moodle
|
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4308
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299372
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the sectio…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4307
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299373
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4306
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299374
|
- |
|
moodle
|
moodle
|
message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote authenticated users to cause a denial of service (infinite request loop) via a URL that specifies a zero wait time for message refreshi…
|
CWE-189
Numeric Errors
|
CVE-2011-4305
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299375
|
- |
|
moodle
|
moodle
|
The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to discover the name of any user via a beep operation.
|
CWE-200
Information Exposure
|
CVE-2011-4304
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299376
|
- |
|
moodle
|
moodle
|
lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not set the correct registration_hubs.secret value during installation, which allows remote attackers to bypass intended ac…
|
CWE-310
Cryptographic Issues
|
CVE-2011-4303
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299377
|
- |
|
moodle
|
moodle
|
mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote…
|
CWE-20
Improper Input Validation
|
CVE-2011-4302
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299378
|
- |
|
moodle
|
moodle
|
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which…
|
NVD-CWE-noinfo
|
CVE-2011-4301
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299379
|
- |
|
moodle
|
moodle
|
The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4300
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
299380
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wik…
|
CWE-79
Cross-site Scripting
|
CVE-2011-4299
|
2024-11-21 10:32 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
