Moodle — система управления образовательными электронными курсами

lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 ...

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not properly process the return value of the openssl_verify function, which allows remote attackers to bypass validation via a crafted certificate.

mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x be ...

The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 does not recognize Forms API setConstant operations, which allows remote attackers to submit unexpected form content by modifying the values of constant fields.

The MoodleQuickForm class in the Forms Library in lib/formslib.php in ...

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 does not properly restrict access to category and course data, which allows remote attackers to obtain potentially sensitive information via a request for a file.

The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x befo ...

Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment.

Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Mo ...

Multiple cross-site request forgery (CSRF) vulnerabilities in mod/wiki/ components in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allow remote attackers to hijack the authentication of arbitrary users for requests that modify wiki data.