CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Moodle » Moodle » 1.1.1 * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-4525 79 XSS 2013-11-26 2020-12-01
3.5
 None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question.
2 CVE-2013-4524 22 Dir. Trav. 2013-11-26 2020-12-01
6.8
 None Remote Low ??? Complete None None
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path.
3 CVE-2013-4523 79 XSS 2013-11-26 2020-12-01
3.5
 None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.
4 CVE-2013-4522 200 +Info 2013-11-26 2020-12-01
5.0
 None Remote Low Not required Partial None None
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain sensitive information by requesting a file that had been previously retrieved by a caching proxy server.
5 CVE-2013-3630 94 2013-11-01 2021-10-12
4.6
 None Remote High ??? Partial Partial Partial
Moodle through 2.5.2 allows remote authenticated administrators to execute arbitrary programs by configuring the aspell pathname and then triggering a spell-check operation within the TinyMCE editor.
6 CVE-2013-1831 200 +Info 2013-03-25 2020-12-01
5.0
 None Remote Low Not required Partial None None
lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.
7 CVE-2013-1830 264 +Info 2013-03-25 2020-12-01
5.0
 None Remote Low Not required Partial None None
user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.
8 CVE-2010-2231 352 CSRF 2010-06-28 2020-12-01
6.8
 None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz attempts via the attemptid parameter.
9 CVE-2010-2230 79 XSS 2010-06-28 2020-12-01
4.0
 None Remote Low ??? None Partial None
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
10 CVE-2010-2229 79 XSS 2010-06-28 2020-12-01
4.3
 None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
11 CVE-2010-2228 79 XSS 2010-06-28 2020-12-01
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.
12 CVE-2008-5432 79 XSS 2008-12-11 2020-12-01
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
13 CVE-2008-1502 79 XSS Bypass 2008-03-25 2020-12-01
4.3
 None Remote Medium Not required None Partial None
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.
14 CVE-2005-2247 2005-07-12 2020-12-01
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown impact and attack vectors.
15 CVE-2004-2237 2004-12-31 2020-12-01
10.0
 None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
16 CVE-2004-2236 2004-12-31 2020-12-01
10.0
 None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
17 CVE-2004-2235 2004-12-31 2008-09-05
10.0
 None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.
18 CVE-2004-2234 2004-12-31 2008-09-05
7.5
 None Remote Low Not required Partial Partial Partial
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
19 CVE-2004-2233 2004-12-31 2020-12-01
10.0
 None Remote Low Not required Complete Complete Complete
Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.
20 CVE-2004-2232 Sql 2004-12-31 2020-12-01
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.
21 CVE-2004-1978 XSS 2004-04-30 2020-12-01
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.
22 CVE-2004-1711 XSS 2004-08-06 2020-12-01
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
23 CVE-2004-1425 Dir. Trav. 2004-12-31 2020-12-01
5.0
 None Remote Low Not required Partial None None
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
24 CVE-2004-1424 79 XSS 2004-12-31 2020-12-01
4.3
 None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
25 CVE-2004-0725 XSS 2004-07-27 2020-12-01
6.8
 None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Total number of vulnerabilities : 25   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.