Moodle — система управления образовательными электронными курсами
Релизный цикл, информация об уязвимостях
График релизов
Количество 2 541
CVE-2011-4279
Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista.
CVE-2011-4279
Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setti ...
CVE-2011-4278
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4278
Cross-site scripting (XSS) vulnerability in the tag autocomplete funct ...
CVE-2011-4133
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block.
CVE-2011-4133
Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before ...
CVE-2011-4284
Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page.
CVE-2011-4283
Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.
CVE-2011-4295
The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment.
CVE-2011-4290
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | CVE-2011-4279 Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setting for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine, as demonstrated by the search functionality of Google, Yahoo!, Wrensoft Zoom, MSN, Yandex, and AltaVista. | CVSS2: 5 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4279 Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles setti ... | CVSS2: 5 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4278 Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVSS2: 4.3 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4278 Cross-site scripting (XSS) vulnerability in the tag autocomplete funct ... | CVSS2: 4.3 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4133 Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before 1.9.11 allows remote attackers to hijack the authentication of unspecified victims for requests that modify an RSS feed in an RSS block. | CVSS2: 6.8 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4133 Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before ... | CVSS2: 6.8 | 0% Низкий | больше 13 лет назад |
 | CVE-2011-4284 Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page. | CVSS2: 5 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4283 Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml. | CVSS2: 5 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4295 The moodle_enrol_external:role_assign function in enrol/externallib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not have an authorization check, which allows remote authenticated users to gain privileges by making a role assignment. | CVSS2: 6.5 | 0% Низкий | больше 13 лет назад |
| CVE-2011-4290 Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding. | CVSS2: 4.3 | 0% Низкий | больше 13 лет назад |
Уязвимостей на страницу