|
305031
|
- |
|
moodle
|
moodle
|
The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated use…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4295
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305032
|
- |
|
moodle
|
moodle
|
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before 2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link refers to an http or https URL for the local Moodle …
|
CWE-20
Improper Input Validation
|
CVE-2011-4294
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305033
|
- |
|
moodle
|
moodle
|
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4293
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305034
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted comments operations.
|
CWE-89
SQL Injection
|
CVE-2011-4292
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305035
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations.
|
NVD-CWE-noinfo
|
CVE-2011-4291
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305036
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.
|
CWE-79
Cross-site Scripting
|
CVE-2011-4290
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305037
|
- |
|
moodle
|
moodle
|
Moodle 2.0.x before 2.0.3 does not recognize the configuration setting that makes e-mail addresses visible only to course members, which allows remote authenticated users to obtain sensitive address …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4289
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305038
|
- |
|
moodle
|
moodle
|
Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly implement associations between teachers and groups, which allows remote authenticated users to read quiz reports of arbitrary stude…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4288
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305039
|
- |
|
moodle
|
moodle
|
admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4287
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
305040
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to …
|
CWE-79
Cross-site Scripting
|
CVE-2011-4286
|
2024-11-21 10:32 |
2012-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
