|
280531
|
6.8 |
MEDIUM
Network
|
moodle
|
moodle
|
Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autos…
|
CWE-399
Resource Management Errors
|
CVE-2015-5332
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280532
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct …
|
CWE-254
7PK - Security Features
|
CVE-2015-5331
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280533
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5272
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280534
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2015-5269
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280535
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to …
|
CWE-264
CWE-200
Permissions, Privileges, and Access Controls
Information Exposure
|
CVE-2015-5268
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280536
|
7.5 |
HIGH
Network
|
moodle
|
moodle
|
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string…
|
CWE-200
CWE-254
Information Exposure
7PK - Security Features
|
CVE-2015-5267
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280537
|
6.8 |
MEDIUM
Network
|
moodle
|
moodle
|
The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager p…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5266
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280538
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5265
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280539
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter addition…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2015-5264
|
2024-11-21 11:32 |
2016-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280540
|
8.8 |
HIGH
Network
|
ibm
|
emptoris_contract_management
|
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.…
|
CWE-352
Origin Validation Error
|
CVE-2015-5050
|
2024-11-21 11:32 |
2016-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
