Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
CVE-2014-0216
The My Home implementation in the block_html_pluginfile function in bl ...
CVE-2014-0215
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source.
CVE-2014-0215
The blind-marking implementation in Moodle through 2.3.11, 2.4.x befor ...
CVE-2014-0214
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack.
CVE-2014-0214
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x b ...
CVE-2014-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.
CVE-2014-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assi ...
CVE-2014-0217
enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL.
CVE-2014-0213
Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests.
CVE-2014-0218
Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| CVE-2014-0216 The My Home implementation in the block_html_pluginfile function in bl ... | CVSS2: 5 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-0215 The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) using a screen reader or (2) reading the HTML source. | CVSS2: 4 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0215 The blind-marking implementation in Moodle through 2.3.11, 2.4.x befor ... | CVSS2: 4 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0214 login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack. | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0214 login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x b ... | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0213 Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests. | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0213 Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assi ... | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
 | CVE-2014-0217 enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name and summary information about these courses by leveraging the guest role and visiting a crafted URL. | CVSS2: 4.3 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0213 Multiple cross-site request forgery (CSRF) vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests. | CVSS2: 6.8 | 0% Низкий | больше 11 лет назад |
| CVE-2014-0218 Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | больше 11 лет назад |
Уязвимостей на страницу