Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

moodle moodle 1.9.14 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2011-4585
login/change_password.php in Moodle 1.9.x prior to 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote malicious users to obtain credentials by sniffing the network.
Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.8Moodle Moodle 1.9.7
NA
CVE-2011-4588
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x prior to 1.9.15 uses an incorrect data type, which allows remote malicious users to bypass intended IP address restrictions via an XMLRPC request.
Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.8Moodle Moodle 1.9.7
NA
CVE-2012-0792
mod/forum/user.php in Moodle 1.9.x prior to 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.
Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.7
NA
CVE-2012-2362
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x prior to 1.9.18, when Internet Explorer is used, allows remote malicious users to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.
Moodle Moodle 1.9.4Moodle Moodle 1.9.17Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.16Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.7
NA
CVE-2012-2363
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x prior to 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.
Moodle Moodle 1.9.6Moodle Moodle 1.9.5Moodle Moodle 1.9.12Moodle Moodle 1.9.13Moodle Moodle 1.9.14Moodle Moodle 1.9.7Moodle Moodle 1.9.4Moodle Moodle 1.9.10Moodle Moodle 1.9.17Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.1Moodle Moodle 1.9.3Moodle Moodle 1.9.16Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.9
NA
CVE-2011-4593
Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, and 2.1.x prior to 2.1.3 does not properly handle user/action_redir group messages, which allows remote authenticated users to discover e-mail addresses by visiting the messaging interface.
Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.8Moodle Moodle 1.9.7Moodle Moodle 2.0.2Moodle Moodle 2.0.1Moodle Moodle 2.0.4Moodle Moodle 2.0.3Moodle Moodle 2.0.5Moodle Moodle 2.0.0Moodle Moodle 2.1.2Moodle Moodle 2.1.1
NA
CVE-2011-4584
The MNET authentication functionality in Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, and 2.1.x prior to 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET single sign-on capability, as...
Moodle Moodle 2.0.2Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 2.0.1Moodle Moodle 1.9.11Moodle Moodle 2.1.2Moodle Moodle 2.0.4Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 2.0.3Moodle Moodle 2.1.1Moodle Moodle 1.9.3Moodle Moodle 2.0.5Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.8Moodle Moodle 1.9.7Moodle Moodle 2.0.0
NA
CVE-2011-4586
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, and 2.1.x prior to 2.1.3 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified ve...
Moodle Moodle 2.0.2Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 2.0.1Moodle Moodle 1.9.11Moodle Moodle 2.1.2Moodle Moodle 2.0.4Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 2.0.3Moodle Moodle 2.1.1Moodle Moodle 1.9.3Moodle Moodle 2.0.5Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.8Moodle Moodle 1.9.7Moodle Moodle 2.0.0
NA
CVE-2011-4587
lib/moodlelib.php in Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, and 2.1.x prior to 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote malicious users to obtain access by leveraging the possible existence of user ac...
Moodle Moodle 2.0.2Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 2.0.1Moodle Moodle 1.9.11Moodle Moodle 2.1.2Moodle Moodle 2.0.4Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 2.0.3Moodle Moodle 2.1.1Moodle Moodle 1.9.3Moodle Moodle 2.0.5Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.8Moodle Moodle 1.9.7Moodle Moodle 2.0.0
NA
CVE-2011-4203
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, 2.1.x prior to 2.1.3, and 2.2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors i...
Moodle Moodle 1.9.8Moodle Moodle 1.9.9Moodle Moodle 1.9.12Moodle Moodle 1.9.13Moodle Moodle 1.9.1Moodle Moodle 1.9.4Moodle Moodle 1.9.6Moodle Moodle 2.0.0Moodle Moodle 2.0.2Moodle Moodle 2.2.0Moodle Moodle 1.9.10Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.3Moodle Moodle 2.0.3Moodle Moodle 2.0.4Moodle Moodle 2.0.5Moodle Moodle 2.1.0Moodle Moodle 2.1.1Moodle Moodle 1.9.5Moodle Moodle 1.9.7Moodle Moodle 1.9.14
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook