|
303261
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
|
CWE-89
SQL Injection
|
CVE-2011-4292
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303262
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.
|
NVD-CWE-noinfo
|
CVE-2011-4291
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303263
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4290
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303264
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4289
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303265
|
- |
|
moodle
|
moodle
|
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary stude…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4288
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303266
|
- |
|
moodle
|
moodle
|
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4287
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303267
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to …
|
CWE-79
Cross-site Scripting
|
CVE-2011-4286
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303268
|
- |
|
moodle
|
moodle
|
The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveragi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4285
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303269
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page.
|
CWE-200
Information Exposure
|
CVE-2011-4284
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
303270
|
- |
|
moodle
|
moodle
|
Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for ims…
|
CWE-200
Information Exposure
|
CVE-2011-4283
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
