CVE-2015-5267 |
|
Medium |
Feb 22, 2016 |
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to imple
more...
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
less...
|
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
CVE-2015-5266 |
|
Medium |
Feb 22, 2016 |
The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allow
more...
The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.
less...
|
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
CVE-2015-5265 |
|
Medium |
Feb 22, 2016 |
The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles
more...
The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.
less...
|
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
CVE-2015-5264 |
|
Medium |
Feb 22, 2016 |
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass
more...
The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.
less...
|
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
CVE-2015-3275 |
|
Medium |
Feb 22, 2016 |
Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x bef
more...
Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.
less...
|
2.5.5, 2.6.2, 2.4.9, 2.5.4, 2.3.11, 2.4.8, 2.6.1, 2.6, 2.3.10, 2.5.3
|
CVE-2015-3181 |
|
Medium |
Jun 01, 2015 |
files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manage
more...
files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.
less...
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-3180 |
|
Medium |
Jun 01, 2015 |
lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obt
more...
lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment.
less...
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-3179 |
|
Low |
Jun 01, 2015 |
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass
more...
login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.
less...
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-3178 |
|
Low |
Jun 01, 2015 |
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.
more...
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
less...
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|
CVE-2015-3176 |
|
Medium |
Jun 01, 2015 |
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows r
more...
The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.
less...
|
2.5.5, 2.4.9, 2.6.2, 2.6.1, 2.4.8, 2.5.4, 2.3.11, 2.5.3, 2.3.10, 2.4.7
|