Логотип exploitDog
product: "moodle"
Консоль
Логотип exploitDog

exploitDog

product: "moodle"
Moodle

Moodleсистема управления образовательными электронными курсами

Релизный цикл, информация об уязвимостях

Продукт: Moodle
Вендор: moodle

График релизов

4.55.05.120242025202620272028

Недавние уязвимости Moodle

Количество 2 647

ubuntu логотип

CVE-2015-2268

больше 10 лет назад

filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2015-1493

больше 10 лет назад

Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2015-0213

больше 10 лет назад

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2015-0212

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.

CVSS2: 3.5
EPSS: Низкий
ubuntu логотип

CVE-2015-2269

больше 10 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.

CVSS2: 3.5
EPSS: Низкий
ubuntu логотип

CVE-2015-0215

больше 10 лет назад

calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2015-3175

больше 10 лет назад

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.

CVSS2: 5.8
EPSS: Низкий
ubuntu логотип

CVE-2015-2272

больше 10 лет назад

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2015-3176

больше 10 лет назад

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2015-3178

больше 10 лет назад

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

CVSS2: 3.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
1
ubuntu логотип
CVE-2015-2268

filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.

CVSS2: 6.8
1%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-1493

Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts.

CVSS2: 6.8
1%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-0213

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.

CVSS2: 6.8
0%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-0212

Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.

CVSS2: 3.5
0%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-2269

Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.

CVSS2: 3.5
1%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-0215

calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.

CVSS2: 4
0%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-3175

Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.

CVSS2: 5.8
0%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-2272

login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to bypass a forced-password-change requirement by creating a web-services token.

CVSS2: 4
0%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-3176

The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.

CVSS2: 4.3
0%
Низкий
больше 10 лет назад
ubuntu логотип
CVE-2015-3178

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

CVSS2: 3.5
0%
Низкий
больше 10 лет назад

Уязвимостей на страницу


Поделиться