Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

moodle moodle 1.9.15 vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2012-0792
mod/forum/user.php in Moodle 1.9.x prior to 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.
Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.7
NA
CVE-2012-2362
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x prior to 1.9.18, when Internet Explorer is used, allows remote malicious users to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.
Moodle Moodle 1.9.4Moodle Moodle 1.9.17Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.16Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.7
NA
CVE-2012-2363
SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x prior to 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event.
Moodle Moodle 1.9.6Moodle Moodle 1.9.5Moodle Moodle 1.9.12Moodle Moodle 1.9.13Moodle Moodle 1.9.14Moodle Moodle 1.9.7Moodle Moodle 1.9.4Moodle Moodle 1.9.10Moodle Moodle 1.9.17Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.1Moodle Moodle 1.9.3Moodle Moodle 1.9.16Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.9
NA
CVE-2012-0793
Moodle 1.9.x prior to 1.9.16, 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 allows remote malicious users to view the profile images of arbitrary user accounts via unspecified vectors.
Moodle Moodle 2.0.2Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 2.0.1Moodle Moodle 1.9.11Moodle Moodle 2.1.2Moodle Moodle 2.0.4Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 2.0.3Moodle Moodle 2.1.1Moodle Moodle 1.9.3Moodle Moodle 2.0.6Moodle Moodle 2.0.5Moodle Moodle 2.1.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.15
NA
CVE-2012-0794
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x prior to 1.9.16, 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote malicious users to defeat cryptographic protection mechanis...
Moodle Moodle 2.0.2Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 2.0.1Moodle Moodle 1.9.11Moodle Moodle 2.1.2Moodle Moodle 2.0.4Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 2.0.3Moodle Moodle 2.1.1Moodle Moodle 1.9.3Moodle Moodle 2.0.6Moodle Moodle 2.0.5Moodle Moodle 2.1.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.15
NA
CVE-2012-0795
Moodle 1.9.x prior to 1.9.16, 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address.
Moodle Moodle 1.9.4Moodle Moodle 1.9.2Moodle Moodle 1.9.1Moodle Moodle 1.9.5Moodle Moodle 1.9.12Moodle Moodle 2.0.5Moodle Moodle 2.0.0Moodle Moodle 1.9.7Moodle Moodle 1.9.8Moodle Moodle 1.9.10Moodle Moodle 2.0.4Moodle Moodle 2.0.3Moodle Moodle 2.1.1Moodle Moodle 2.1.3Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.14Moodle Moodle 2.0.1Moodle Moodle 2.1.2Moodle Moodle 1.9.15Moodle Moodle 1.9.11Moodle Moodle 1.9.9
NA
CVE-2012-0796
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x prior to 1.9.16, 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors involving a crafted (1)...
Moodle Moodle 1.9.4Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.9Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.3Moodle Moodle 1.9.13Moodle Moodle 1.9.5Moodle Moodle 1.9.14Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.7Moodle Moodle 2.0.2Moodle Moodle 2.0.1Moodle Moodle 2.0.4Moodle Moodle 2.0.3Moodle Moodle 2.0.6Moodle Moodle 2.0.5Moodle Moodle 2.0.0
NA
CVE-2012-2367
Moodle 1.9.x prior to 1.9.18, 2.0.x prior to 2.0.9, 2.1.x prior to 2.1.6, and 2.2.x prior to 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action.
Moodle Moodle 1.9.2Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.5Moodle Moodle 1.9.7Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.10Moodle Moodle 1.9.14Moodle Moodle 1.9.11Moodle Moodle 1.9.4Moodle Moodle 1.9.9Moodle Moodle 1.9.17Moodle Moodle 1.9.16Moodle Moodle 1.9.3Moodle Moodle 1.9.12Moodle Moodle 1.9.13Moodle Moodle 2.0.6Moodle Moodle 2.0.5Moodle Moodle 2.0.4Moodle Moodle 2.0.1Moodle Moodle 2.0.7
NA
CVE-2012-3398
Algorithmic complexity vulnerability in Moodle 1.9.x prior to 1.9.19, 2.0.x prior to 2.0.10, 2.1.x prior to 2.1.7, and 2.2.x prior to 2.2.4 allows remote authenticated users to cause a denial of service (CPU consumption) by using the advanced-search feature on a database activity...
Moodle Moodle 1.9.2Moodle Moodle 1.9.1Moodle Moodle 1.9.6Moodle Moodle 1.9.5Moodle Moodle 2.0.6Moodle Moodle 2.0.5Moodle Moodle 2.1.1Moodle Moodle 2.1.3Moodle Moodle 2.2.2Moodle Moodle 2.2.1Moodle Moodle 1.9.7Moodle Moodle 1.9.15Moodle Moodle 1.9.8Moodle Moodle 1.9.10Moodle Moodle 1.9.14Moodle Moodle 1.9.18Moodle Moodle 2.0.8Moodle Moodle 2.0.1Moodle Moodle 2.1.4Moodle Moodle 2.1.6Moodle Moodle 1.9.11Moodle Moodle 1.9.4
NA
CVE-2012-6098
grade/edit/outcome/edit_form.php in Moodle 1.9.x up to and including 1.9.19, 2.1.x prior to 2.1.10, 2.2.x prior to 2.2.7, 2.3.x prior to 2.3.4, and 2.4.x prior to 2.4.1 does not properly enforce the moodle/grade:manage capability requirement, which allows remote authenticated use...
Moodle Moodle 1.9.16Moodle Moodle 1.9.8Moodle Moodle 1.9.6Moodle Moodle 1.9.12Moodle Moodle 1.9.10Moodle Moodle 1.9.9Moodle Moodle 1.9.17Moodle Moodle 1.9.18Moodle Moodle 1.9.7Moodle Moodle 1.9.15Moodle Moodle 1.9.4Moodle Moodle 1.9.11Moodle Moodle 1.9.2Moodle Moodle 1.9.14Moodle Moodle 1.9.1Moodle Moodle 1.9.3Moodle Moodle 1.9.5Moodle Moodle 1.9.13Moodle Moodle 2.1.0Moodle Moodle 2.1.4Moodle Moodle 2.1.7Moodle Moodle 2.1.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook