Moodle — система управления образовательными электронными курсами

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x befo ...

lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x befor ...

iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering the calculation of an estimated latitude and longitude for an IP address.

iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...

tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows remote authenticated users to bypass intended access restrictions via an AJAX request.

tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, ...

The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.

The generate_password function in Moodle through 2.4.11, 2.5.x before ...