Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.1.1 vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2011-4583
Moodle 2.0.x prior to 2.0.6 and 2.1.x prior to 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens.
Moodle Moodle 2.1.1
Moodle Moodle 2.1.0
Moodle Moodle 2.1.2
Moodle Moodle 2.0.4
Moodle Moodle 2.0.0
Moodle Moodle 2.0.1
Moodle Moodle 2.0.2
Moodle Moodle 2.0.3
Moodle Moodle 2.0.5
5
CVSSv2
CVE-2012-2357
The Multi-Authentication feature in the Central Authentication Service (CAS) functionality in auth/cas/cas_form.html in Moodle 2.1.x prior to 2.1.6 and 2.2.x prior to 2.2.3 does not use HTTPS, which allows remote malicious users to obtain credentials by sniffing the network.
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.3
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
4
CVSSv2
CVE-2012-3391
mod/forum/rsslib.php in Moodle 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2.4 does not properly implement the requirement for posting before reading a Q&A forum, which allows remote authenticated users to bypass intended access restrictions by leveraging the student role and r...
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.2.0
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.2.3
5.5
CVSSv2
CVE-2012-3392
mod/forum/unsubscribeall.php in Moodle 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.1.1
3.5
CVSSv2
CVE-2012-3390
lib/filelib.php in Moodle 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2.4 does not properly restrict file access after a block has been hidden, which allows remote authenticated users to obtain sensitive information by reading a file that is embedded in a block.
Moodle Moodle 2.2.2
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.0
3.5
CVSSv2
CVE-2012-3393
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.
Moodle Moodle 2.1.4
Moodle Moodle 2.1.6
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.1.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
Moodle Moodle 2.1.5
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
4.3
CVSSv2
CVE-2012-0799
Moodle 2.0.x prior to 2.0.7 and 2.1.x prior to 2.1.4, when an anonymous front-page forum is enabled, allows remote malicious users to obtain session keys for their sessions by visiting the front page.
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.0.2
Moodle Moodle 2.0.1
Moodle Moodle 2.0.5
Moodle Moodle 2.0.6
Moodle Moodle 2.0.0
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
5
CVSSv2
CVE-2012-3394
auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x prior to 2.0.10, 2.1.x prior to 2.1.7, 2.2.x prior to 2.2.4, and 2.3.x prior to 2.3.1 redirects users from an https LDAP login URL to an http URL, which allows remote malicious users to obtain sensitive information by sniffing the net...
Moodle Moodle 2.2.2
Moodle Moodle 2.1.2
Moodle Moodle 2.1.1
Moodle Moodle 2.1.5
Moodle Moodle 2.1.6
Moodle Moodle 2.1.3
Moodle Moodle 2.2.1
Moodle Moodle 2.2.3
Moodle Moodle 2.1.4
Moodle Moodle 2.1.0
Moodle Moodle 2.2.0
Moodle Moodle 2.3.0
2.1
CVSSv2
CVE-2012-0800
The form-autocompletion functionality in Moodle 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 makes it easier for physically proximate malicious users to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a crea...
Moodle Moodle 2.0.2
Moodle Moodle 2.0.1
Moodle Moodle 2.1.2
Moodle Moodle 2.0.4
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 2.0.6
Moodle Moodle 2.0.5
Moodle Moodle 2.1.3
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
Moodle Moodle 2.2.0
5.5
CVSSv2
CVE-2012-4408
course/reset.php in Moodle 2.1.x prior to 2.1.8, 2.2.x prior to 2.2.5, and 2.3.x prior to 2.3.2 checks an update capability instead of a reset capability, which allows remote authenticated users to bypass intended access restrictions via a reset operation.
Moodle Moodle 2.1.5
Moodle Moodle 2.1.7
Moodle Moodle 2.1.0
Moodle Moodle 2.1.4
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.1.1
Moodle Moodle 2.1.3
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.2.1
Moodle Moodle 2.2.4
Moodle Moodle 2.2.0
Moodle Moodle 2.3.0
Moodle Moodle 2.3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
hard-coded
CVE-2024-27202
NULL pointer dereference
CVE-2024-28075
CVE-2024-33608
CVE-2024-28889
CVE-2024-34572
template injection
CVE-2024-34351
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »