Moodle — система управления образовательными электронными курсами

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force password changes for autosubscribed users, which makes it easier for remote attackers to obtain access by leveraging knowledge of the initial password of a new user.

admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force ...

Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.

Multiple cross-site scripting (XSS) vulnerabilities in the media-filte ...

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrect setting of the moodle/course:delete capability, which allows remote authenticated users to delete arbitrary courses by leveraging the teacher role.

The default configuration of Moodle 2.0.x before 2.0.2 has an incorrec ...

Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive information from a myprofile (aka My profile) block by visiting a user-context page.

Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive ...

Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote attackers to obtain sensitive information via a request for imsenterprise-enrol.xml.

Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS enterp ...