Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 470
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network.
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service ...
CVE-2012-2356
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.
CVE-2012-2356
The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x ...
CVE-2012-2355
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature.
CVE-2012-2355
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...
CVE-2012-2354
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL.
CVE-2012-2354
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...
CVE-2012-2353
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
CVE-2012-2353
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2012-2357 The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not use HTTPS, which allows remote attackers to obtain credentials by sniffing the network. | CVSS2: 5 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2357 The Multi-Authentication feature in the Central Authentication Service ... | CVSS2: 5 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2356 The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2356 The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x ... | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2355 Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2355 Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ... | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2354 Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/site:readallmessages capability requirement and read arbitrary messages by using the "Recent conversations" feature with a modified parameter in a URL. | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2354 Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ... | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2353 Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
| CVE-2012-2353 Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authent ... | CVSS2: 4 | 0% Низкий | почти 13 лет назад |
Уязвимостей на страницу