|
285661
|
- |
|
moodle
|
moodle
|
lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error mes…
|
CWE-200
Information Exposure
|
CVE-2014-7848
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285662
|
- |
|
moodle
|
moodle
|
iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering t…
|
CWE-399
Resource Management Errors
|
CVE-2014-7847
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285663
|
- |
|
moodle
|
moodle
|
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7846
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285664
|
- |
|
moodle
|
moodle
|
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which all…
|
CWE-255
Credentials Management
|
CVE-2014-7845
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285665
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijac…
|
CWE-352
Origin Validation Error
|
CVE-2014-7838
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285666
|
- |
|
moodle
|
moodle
|
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7837
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285667
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijack …
|
CWE-352
Origin Validation Error
|
CVE-2014-7836
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285668
|
- |
|
moodle
|
moodle
|
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files co…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7835
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285669
|
- |
|
moodle
|
moodle
|
mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussion…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7834
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285670
|
- |
|
moodle
|
moodle
|
mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 sets a certain group ID to zero upon a database-entry change, which allows remote authentica…
|
CWE-200
Information Exposure
|
CVE-2014-7833
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
