Moodle — система управления образовательными электронными курсами

login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...

mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.

mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MN ...

Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors.

Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.1 ...

mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.

mod/glossary/showentry.php in the Glossary module for Moodle 1.8 befor ...

The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.

The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...

Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.