Export limit exceeded: 334948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (632 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-4592 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The command-line cron implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly interact with IP blocking, which might allow remote attackers to bypass intended IP address restrictions by leveraging a configuration in which IP blocking was disabled to restore cron functionality. | ||||
| CVE-2011-4593 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface. | ||||
| CVE-2012-0792 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts. | ||||
| CVE-2012-0793 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors. | ||||
| CVE-2012-0794 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by reading this script's source code within the open-source software distribution. | ||||
| CVE-2012-0795 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | ||||
| CVE-2012-0796 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1) From: or (2) Sender: header. | ||||
| CVE-2012-0797 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | ||||
| CVE-2012-0798 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | ||||
| CVE-2012-0799 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | ||||
| CVE-2012-0800 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on an iPad device. | ||||
| CVE-2012-0801 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors. | ||||
| CVE-2012-2353 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. | ||||
| CVE-2012-2354 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | ||||
| CVE-2012-2355 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | ||||
| CVE-2012-2356 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | ||||
| CVE-2012-2357 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | ||||
| CVE-2012-2358 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | ||||
| CVE-2012-2359 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to gain privileges by leveraging the teacher role and modifying their own capabilities, as demonstrated by obtaining the backup:userinfo capability. | ||||
| CVE-2012-2360 | 1 Moodle | 1 Moodle | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. | ||||