VIR Vulnerability Intelligence Relay

Search

Found 291 results in 78ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2022-50943 medium 6.1 6.1 moodle 24d ago Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can injec…
CVE-2017-15110 medium 4.3 4.3 moodle 9y ago Moodle Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-12157 medium 4.3 4.3 moodle 9y ago Moodle sensitive information disclosure
CVE-2017-12156 medium 6.1 6.1 moodle 9y ago Moodle XSS Vulnerability
CVE-2017-7532 medium 6.5 6.5 moodle 9y ago Moodle Improper Privilege Management
CVE-2017-7531 medium 4.3 4.3 moodle 9y ago Moodle Information Disclosure
CVE-2017-2642 medium 6.5 6.5 moodle 9y ago Moodle User fullname disclosure on user preferences page
CVE-2017-7491 medium 4.3 4.3 moodle 9y ago Moodle Cross-Site Request Forgery (CSRF)
CVE-2017-7490 medium 5.3 5.3 moodle 9y ago Moodle Unauthorized searching of arbitrary blogs by typing full url
CVE-2017-7489 medium 6.3 6.3 moodle 9y ago Moodle External blog editing takeover
CVE-2016-3734 high 8.8 8.8 moodle 9y ago Moodle Cross-site request forgery (CSRF) vulnerability
CVE-2016-3733 medium 4.3 4.3 moodle 9y ago Moodle Improper Access Control
CVE-2016-3732 medium 4.3 4.3 moodle 9y ago Moodle sensitive information disclosure
CVE-2016-3731 medium 5.3 5.3 moodle 9y ago Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 allows remote attackers to obtain the names of hidden forums and forum discussions.
CVE-2016-3729 medium 6.5 6.5 moodle 9y ago Moodle Improper Access Control
CVE-2017-7298 medium 5.4 5.4 moodle 9y ago Moodle Cross-site Scripting in the Course summary filter of the Add a new course
CVE-2017-2645 medium 6.1 6.1 moodle 9y ago Moodle XSS in attachments to evidence of prior learning
CVE-2017-2644 medium 6.1 6.1 moodle 9y ago Moodle XSS Vulnerability
CVE-2017-2643 medium 5.3 5.3 moodle 9y ago Moodle Global search displays user names for unauthenticated users
CVE-2017-2641 critical 9.8 10.0 EXP moodle 9y ago Moodle SQL injection via user preferences
CVE-2017-2578 medium 6.1 6.1 moodle 10y ago Moodle Cross-site Scripting in assignment submission page
CVE-2017-2576 medium 5.3 5.3 moodle 10y ago Moodle Incorrect sanitation of attributes in forums
CVE-2016-8644 medium 5.3 5.3 moodle 10y ago In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
CVE-2016-8643 medium 4.3 4.3 moodle 10y ago In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
CVE-2016-8642 medium 5.3 5.3 moodle 10y ago Moodle Unauthenticated Access
CVE-2016-7038 high 7.3 7.3 moodle 10y ago Moodle Weak Password Recovery Mechanism for Forgotten Password
CVE-2016-5014 medium 5.4 5.4 moodle 10y ago Moodle sensitive information disclosure
CVE-2016-5013 medium 5.4 5.4 moodle 10y ago Moodle Does Not Escape Characters In Email Headers
CVE-2016-5012 medium 5.3 5.3 moodle 10y ago Moodle Glossary search displays entries without checking user permissions to view them
CVE-2016-9188 medium 6.1 6.1 moodle 10y ago Moodle XSS Vulnerability
CVE-2016-9187 high 8.8 8.8 moodle 10y ago Moodle Unrestricted file upload vulnerability
CVE-2016-9186 high 8.8 8.8 moodle 10y ago Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an …
CVE-2016-7919 high 7.5 7.5 moodle 10y ago Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation proces…
CVE-2016-2190 medium 5.3 5.3 moodle 10y ago Moodle sensitive information disclosure
CVE-2016-2159 medium 4.3 4.3 moodle 10y ago Moodle External function mod_assign_save_submission does not check due dates
CVE-2016-2158 medium 4.3 4.3 moodle 10y ago Moodle allows attackers to obtain sensitive category-detail information
CVE-2016-2157 high 8.8 8.8 moodle 10y ago Moodle cross-site request forgery (CSRF) vulnerability
CVE-2016-2156 medium 4.3 4.3 moodle 10y ago Moodle provides calendar-event data without considering whether an activity is hidden
CVE-2016-2155 medium 4.3 4.3 moodle 10y ago Moodle allows attackers to modify "Exclude grade" settings
CVE-2016-2154 medium 4.3 4.3 moodle 10y ago Moodle allows attackers to discover hidden course names
CVE-2016-2153 medium 6.1 6.1 moodle 10y ago Moodle Reflected XSS in mod_data advanced search
CVE-2016-2152 medium 6.1 6.1 moodle 10y ago Moodle XSS from profile fields from external db
CVE-2016-2151 medium 4.3 4.3 moodle 10y ago Moodle allows attackers to discover student e-mail addresses
CVE-2016-0725 medium 6.1 6.1 fedora fedora moodle 10y ago Moodle Cross-site scripting (XSS) vulnerability in course management search
CVE-2016-0724 medium 4.3 4.3 fedora fedora moodle 10y ago Moodle sensitive information disclosure
CVE-2015-5342 medium 4.3 4.3 moodle 10y ago Moodle allows attackers to bypass intended access restrictions
CVE-2015-5341 medium 4.3 4.3 moodle 10y ago Moodle allows attackers to read SCORM contents
CVE-2015-5340 medium 4.3 4.3 moodle 10y ago Moodle sensitive information disclosure
CVE-2015-5339 medium 4.3 4.3 moodle 10y ago Moodle does not properly implement group-based access restrictions
CVE-2015-5338 high 8.8 8.8 moodle 10y ago Moodle multiple cross-site request forgery (CSRF) vulnerabilities
CVE-2015-5337 medium 6.1 6.1 moodle 10y ago Moodle XSS Vulnerability
CVE-2015-5336 medium 5.4 5.4 moodle 10y ago Moodle multiple cross-site scripting (XSS) vulnerabilities
CVE-2015-5335 medium 4.3 4.3 moodle 10y ago Moodle cross-site request forgery (CSRF) vulnerability
CVE-2015-5332 medium 6.8 6.8 moodle 10y ago Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autos…
CVE-2015-5331 medium 4.3 4.3 moodle 10y ago Moodle improper access control
CVE-2015-5272 medium 4.3 4.3 moodle 10y ago The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."
CVE-2015-5269 medium 5.4 5.4 moodle 10y ago Moodle cross-site scripting (XSS) vulnerability
CVE-2015-5268 medium 4.3 4.3 moodle 10y ago Moodle mishandles group-based authorization checks
CVE-2015-5267 high 7.5 7.5 moodle 10y ago Moodle uses predictable password-recovery tokens
CVE-2015-5266 medium 6.8 6.8 moodle 10y ago Moodle allows attackers to obtain manager privileges
CVE-2015-5265 medium 4.3 4.3 moodle 10y ago Moodle allows attackers to delete files
CVE-2015-5264 medium 5.4 5.4 moodle 10y ago Moodle allows attackers to enter additional answer attempts
CVE-2015-3275 medium 6.1 6.1 moodle 10y ago Moodle multiple cross-site scripting (XSS) vulnerabilities
CVE-2015-3274 medium 6.1 6.1 moodle 10y ago Moodle cross-site scripting (XSS) vulnerability
CVE-2015-3273 medium 4.3 4.3 moodle 10y ago mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated …
CVE-2015-3272 high 7.4 7.4 moodle 10y ago Moodle open redirect vulnerability
CVE-2015-3181 medium 4.0 moodle 11y ago Moodle allows attackers to bypass file-management restrictions
CVE-2015-3180 medium 4.0 moodle 11y ago Moodle allows attackers to obtain sensitive course-structure information
CVE-2015-3179 low 3.5 moodle 11y ago Moodle allows attackers to bypass intended login restrictions
CVE-2015-3178 low 3.5 moodle 11y ago Moodle cross-site scripting (XSS) vulnerability
CVE-2015-3177 low 3.5 moodle 11y ago Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sen…
CVE-2015-3176 medium 4.3 moodle 11y ago Moodle allows attackers obtain full-name information
CVE-2015-3175 medium 5.8 moodle 11y ago Moodle Arbitrary Redirect
CVE-2015-3174 low 3.5 moodle 11y ago Moodle does not set the RISK_XSS bit for graders
CVE-2015-2273 low 3.5 moodle 11y ago Moodle cross-site scripting (XSS) vulnerability
CVE-2015-2272 medium 4.0 moodle 11y ago Moodle allows attackers to bypass a forced-password-change requirement
CVE-2015-2271 medium 4.0 moodle 11y ago Moodle does not consider the moodle/tag:flag capability
CVE-2015-2270 medium 4.3 moodle 11y ago Moodle allows attackers to obtain sensitive course information
CVE-2015-2269 low 4.5 EXP moodle 11y ago Moodle XSS Vulnerability
CVE-2015-2268 medium 6.8 moodle 11y ago Moodle allows attackers to cause a denial of service
CVE-2015-2267 medium 4.0 moodle 11y ago Moodle allows attackers to extract archives to arbitrary directories
CVE-2015-2266 medium 4.0 moodle 11y ago Moodle allows attackers to obtain sensitive personal-contact and unread-message-count information
CVE-2015-1493 medium 6.8 moodle 11y ago Moodle directory traversal vulnerability
CVE-2015-0218 medium 6.8 moodle 11y ago Moodle cross-site request forgery (CSRF) vulnerability
CVE-2015-0217 medium 6.8 moodle 11y ago Moodle allows attackers to cause a denial of service
CVE-2015-0216 low 3.5 moodle 11y ago Moodle does not set the RISK_XSS bit for graders
CVE-2015-0215 medium 4.0 moodle 11y ago Moodle allows attackers to obtain sensitive calendar-event information
CVE-2015-0214 medium 4.0 moodle 11y ago Moodle allows attackers to bypass a messaging-disabled setting
CVE-2015-0213 medium 6.8 moodle 11y ago Moodle multiple cross-site request forgery (CSRF) vulnerabilities
CVE-2015-0212 low 3.5 moodle 11y ago Moodle cross-site scripting (XSS) vulnerability
CVE-2015-0211 medium 4.0 moodle 11y ago Moodle allows attackers to obtain sensitive information
CVE-2014-9060 medium 5.0 moodle 12y ago Moodle allows attackers to trigger the generation of arbitrary messages
CVE-2014-9059 medium 4.3 moodle 12y ago Moodle does not provide charset information in HTTP headers
CVE-2014-7848 medium 5.0 moodle 12y ago Moodle allows attacks to obtain sensitive information
CVE-2014-7847 medium 5.0 moodle 12y ago Moodle allows attackers to cause a denial of service
CVE-2014-7846 medium 4.0 moodle 12y ago Moodle does not consider the moodle/tag:edit capability before adding a tag
CVE-2014-7845 high 7.5 moodle 12y ago Moodle Temporary Passwords are Brute Force-able
CVE-2014-7838 medium 6.8 moodle 12y ago Moodle has multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module
CVE-2014-7837 medium 5.5 moodle 12y ago Moodle allows attackers to remove wiki pages
CVE-2014-7836 medium 6.8 moodle 12y ago Moodle multiple cross-site request forgery (CSRF) vulnerabilities