Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 1.9.5 vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2011-4585
login/change_password.php in Moodle 1.9.x prior to 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote malicious users to obtain credentials by sniffing the network.
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 1.9.11
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.10
Moodle Moodle 1.9.3
Moodle Moodle 1.9.13
Moodle Moodle 1.9.5
Moodle Moodle 1.9.14
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
445
VMScore
CVE-2011-4588
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x prior to 1.9.15 uses an incorrect data type, which allows remote malicious users to bypass intended IP address restrictions via an XMLRPC request.
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 1.9.11
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.10
Moodle Moodle 1.9.3
Moodle Moodle 1.9.13
Moodle Moodle 1.9.5
Moodle Moodle 1.9.14
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
445
VMScore
CVE-2012-0793
Moodle 1.9.x prior to 1.9.16, 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 allows remote malicious users to view the profile images of arbitrary user accounts via unspecified vectors.
Moodle Moodle 2.0.2
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 2.0.1
Moodle Moodle 1.9.11
Moodle Moodle 2.1.2
Moodle Moodle 2.0.4
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.10
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 1.9.3
Moodle Moodle 2.0.6
Moodle Moodle 2.0.5
Moodle Moodle 2.1.3
Moodle Moodle 1.9.13
Moodle Moodle 1.9.5
Moodle Moodle 1.9.14
Moodle Moodle 1.9.15
445
VMScore
CVE-2012-0794
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x prior to 1.9.16, 2.0.x prior to 2.0.7, 2.1.x prior to 2.1.4, and 2.2.x prior to 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote malicious users to defeat cryptographic protection mechanis...
Moodle Moodle 2.0.2
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 2.0.1
Moodle Moodle 1.9.11
Moodle Moodle 2.1.2
Moodle Moodle 2.0.4
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.10
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 1.9.3
Moodle Moodle 2.0.6
Moodle Moodle 2.0.5
Moodle Moodle 2.1.3
Moodle Moodle 1.9.13
Moodle Moodle 1.9.5
Moodle Moodle 1.9.14
Moodle Moodle 1.9.15
445
VMScore
CVE-2011-4283
Moodle 1.9.x prior to 1.9.11 and 2.0.x prior to 2.0.2 places an IMS enterprise enrolment file in the course-files area, which allows remote malicious users to obtain sensitive information via a request for imsenterprise-enrol.xml.
Moodle Moodle 1.9.4
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 2.0.1
Moodle Moodle 1.9.2
Moodle Moodle 1.9.10
Moodle Moodle 1.9.3
Moodle Moodle 1.9.5
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 2.0.0
445
VMScore
CVE-2011-4301
The MoodleQuickForm class in the Forms Library in lib/formslib.php in Moodle 1.9.x prior to 1.9.14, 2.0.x prior to 2.0.5, and 2.1.x prior to 2.1.2 does not recognize Forms API setConstant operations, which allows remote malicious users to submit unexpected form content by modifyi...
Moodle Moodle 2.0.2
Moodle Moodle 1.9.4
Moodle Moodle 1.9.6
Moodle Moodle 1.9.9
Moodle Moodle 2.0.1
Moodle Moodle 1.9.11
Moodle Moodle 2.0.4
Moodle Moodle 1.9.2
Moodle Moodle 1.9.12
Moodle Moodle 1.9.10
Moodle Moodle 2.0.3
Moodle Moodle 2.1.1
Moodle Moodle 1.9.3
Moodle Moodle 1.9.13
Moodle Moodle 1.9.5
Moodle Moodle 1.9.8
Moodle Moodle 1.9.7
Moodle Moodle 2.0.0
Moodle Moodle 2.1.0
445
VMScore
CVE-2011-4203
CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x prior to 1.9.15, 2.0.x prior to 2.0.6, 2.1.x prior to 2.1.3, and 2.2 allows remote malicious users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors i...
Moodle Moodle 1.9.8
Moodle Moodle 1.9.9
Moodle Moodle 1.9.12
Moodle Moodle 1.9.13
Moodle Moodle 1.9.1
Moodle Moodle 1.9.4
Moodle Moodle 1.9.6
Moodle Moodle 2.0.0
Moodle Moodle 2.0.2
Moodle Moodle 2.2.0
Moodle Moodle 1.9.10
Moodle Moodle 1.9.11
Moodle Moodle 1.9.2
Moodle Moodle 1.9.3
Moodle Moodle 2.0.3
Moodle Moodle 2.0.4
Moodle Moodle 2.0.5
Moodle Moodle 2.1.0
Moodle Moodle 2.1.1
Moodle Moodle 1.9.5
Moodle Moodle 1.9.7
Moodle Moodle 1.9.14
445
VMScore
CVE-2009-4298
The LAMS module (mod/lams) for Moodle 1.8 prior to 1.8.11 and 1.9 prior to 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows malicious users to obtain user account information via unknown vectors.
Moodle Moodle 1.8.4
Moodle Moodle 1.8.5
Moodle Moodle 1.8.7
Moodle Moodle 1.8.8
Moodle Moodle 1.8.1
Moodle Moodle 1.8.3
Moodle Moodle 1.8.9
Moodle Moodle 1.9.2
Moodle Moodle 1.9.3
Moodle Moodle 1.9.4
Moodle Moodle 1.9.5
Moodle Moodle 1.8.2
Moodle Moodle 1.8.10
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
445
VMScore
CVE-2009-4299
mod/glossary/showentry.php in the Glossary module for Moodle 1.8 prior to 1.8.11 and 1.9 prior to 1.9.7 does not properly perform access control, which allows malicious users to read unauthorized Glossary entries via unknown vectors.
Moodle Moodle 1.8.5
Moodle Moodle 1.8.7
Moodle Moodle 1.8.8
Moodle Moodle 1.8.9
Moodle Moodle 1.8.1
Moodle Moodle 1.8.3
Moodle Moodle 1.9.2
Moodle Moodle 1.9.3
Moodle Moodle 1.9.4
Moodle Moodle 1.9.5
Moodle Moodle 1.9.6
Moodle Moodle 1.8.2
Moodle Moodle 1.8.4
Moodle Moodle 1.8.10
Moodle Moodle 1.9.1
445
VMScore
CVE-2009-4302
login/index_form.html in Moodle 1.8 prior to 1.8.11 and 1.9 prior to 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote malicious ...
Moodle Moodle 1.8.3
Moodle Moodle 1.8.4
Moodle Moodle 1.8.5
Moodle Moodle 1.8.7
Moodle Moodle 1.8.8
Moodle Moodle 1.9.2
Moodle Moodle 1.9.3
Moodle Moodle 1.9.4
Moodle Moodle 1.9.5
Moodle Moodle 1.8.1
Moodle Moodle 1.8.9
Moodle Moodle 1.8.2
Moodle Moodle 1.8.10
Moodle Moodle 1.9.1
Moodle Moodle 1.9.6
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »