Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
moodle moodle 2.9.2 vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2015-5331
Moodle 2.9.x prior to 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
632
VMScore
CVE-2015-5332
Atto in Moodle 2.8.x prior to 2.8.9 and 2.9.x prior to 2.9.3 allows remote malicious users to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.8
Moodle Moodle 2.8.6
Moodle Moodle 2.8.4
Moodle Moodle 2.8.7
Moodle Moodle 2.8.5
356
VMScore
CVE-2016-2155
The grade-reporting feature in Singleview (aka Single View) in Moodle 2.8.x prior to 2.8.11, 2.9.x prior to 2.9.5, and 3.0.x prior to 3.0.3 does not consider the moodle/grade:manage capability, which allows remote authenticated users to modify "Exclude grade" settings b...
Moodle Moodle 3.0.2
Moodle Moodle 3.0.1
Moodle Moodle 2.8.9
Moodle Moodle 2.8.8
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.10
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
Moodle Moodle 2.9.3
Moodle Moodle 2.9.2
Moodle Moodle 2.8.5
Moodle Moodle 2.8.4
Moodle Moodle 3.0.0
Moodle Moodle 2.9.4
Moodle Moodle 2.8.7
Moodle Moodle 2.8.6
356
VMScore
CVE-2016-2154
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x prior to 2.8.11, 2.9.x prior to 2.9.5, and 3.0.x prior to 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to ...
Moodle Moodle 2.9.3
Moodle Moodle 2.9.2
Moodle Moodle 2.8.6
Moodle Moodle 2.8.5
Moodle Moodle 2.8.4
Moodle Moodle 3.0.0
Moodle Moodle 2.9.4
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 3.0.2
Moodle Moodle 3.0.1
Moodle Moodle 2.8.10
Moodle Moodle 2.8.9
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.3
Moodle Moodle 2.8.2
383
VMScore
CVE-2016-0725
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x prior to 2.8.10, 2.9.x prior to 2.9.4, and 3.0.x prior to 3.0.2 allows remote malicious users to inject arbitrary web script or HTML via a crafted ...
Fedoraproject Fedora 23
Fedoraproject Fedora 22
Moodle Moodle 3.0.1
Moodle Moodle 3.0.0
Moodle Moodle 2.8.6
Moodle Moodle 2.8.5
Moodle Moodle 2.9.3
Moodle Moodle 2.9.2
Moodle Moodle 2.9.1
Moodle Moodle 2.8.4
Moodle Moodle 2.8.3
Moodle Moodle 2.9.0
Moodle Moodle 2.8.9
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 2.8.0
445
VMScore
CVE-2016-3731
Moodle 3.0 up to and including 3.0.3, 2.9 up to and including 2.9.5, and 2.8 up to and including 2.8.11 allows remote malicious users to obtain the names of hidden forums and forum discussions.
Moodle Moodle 2.9.0
Moodle Moodle 2.9.1
Moodle Moodle 2.9.2
Moodle Moodle 2.8.6
Moodle Moodle 2.8.7
Moodle Moodle 2.8.8
Moodle Moodle 2.8.9
Moodle Moodle 2.8.2
Moodle Moodle 2.8.4
Moodle Moodle 2.8.11
Moodle Moodle 2.8.1
Moodle Moodle 2.9.4
Moodle Moodle 3.0.3
Moodle Moodle 3.0.0
Moodle Moodle 3.0.1
Moodle Moodle 2.9.3
Moodle Moodle 2.8.3
Moodle Moodle 2.8.5
Moodle Moodle 2.8.10
Moodle Moodle 2.8.0
Moodle Moodle 2.9.5
Moodle Moodle 3.0.2
383
VMScore
CVE-2015-5337
Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote malicious users to conduct cross-site scripting (XSS) attacks via a crafted .swf file.
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 2.8.6
Moodle Moodle 2.8.5
Moodle Moodle 2.8.4
Moodle Moodle 2.7.10
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle
Moodle Moodle 2.7.9
Moodle Moodle 2.7.8
Moodle Moodle 2.7.7
Moodle Moodle 2.7.6
Moodle Moodle 2.9.1
Moodle Moodle 2.8.3
Moodle Moodle 2.8.1
Moodle Moodle 2.7.4
Moodle Moodle 2.7.2
Moodle Moodle 2.9.2
Moodle Moodle 2.9.0
Moodle Moodle 2.8.2
Moodle Moodle 2.8.0
356
VMScore
CVE-2015-5340
Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/ove...
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.7.9
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 2.7.4
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.10
Moodle Moodle 2.7.1
Moodle Moodle 2.9.2
Moodle Moodle 2.8.6
Moodle Moodle 2.8.4
Moodle Moodle 2.7.7
Moodle Moodle 2.7.5
Moodle Moodle
Moodle Moodle 2.8.5
Moodle Moodle 2.8.3
Moodle Moodle 2.7.8
356
VMScore
CVE-2015-5341
mod_scorm in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.8
Moodle Moodle 2.8.7
Moodle Moodle 2.7.3
Moodle Moodle 2.7.2
Moodle Moodle 2.7.10
Moodle Moodle 2.7.1
Moodle Moodle 2.8.2
Moodle Moodle 2.8.1
Moodle Moodle 2.8.0
Moodle Moodle 2.7.9
Moodle Moodle 2.9.2
Moodle Moodle 2.8.6
Moodle Moodle 2.8.4
Moodle Moodle 2.7.7
Moodle Moodle 2.7.5
Moodle Moodle
Moodle Moodle 2.8.5
Moodle Moodle 2.8.3
Moodle Moodle 2.7.8
Moodle Moodle 2.7.6
312
VMScore
CVE-2015-5336
Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle up to and including 2.6.11, 2.7.x prior to 2.7.11, 2.8.x prior to 2.8.9, and 2.9.x prior to 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student r...
Moodle Moodle 2.8.0
Moodle Moodle 2.7.9
Moodle Moodle 2.7.8
Moodle Moodle 2.7.7
Moodle Moodle 2.9.1
Moodle Moodle 2.9.0
Moodle Moodle 2.8.7
Moodle Moodle 2.8.6
Moodle Moodle 2.8.5
Moodle Moodle 2.7.2
Moodle Moodle 2.7.1
Moodle Moodle 2.7.0
Moodle Moodle
Moodle Moodle 2.8.8
Moodle Moodle 2.8.4
Moodle Moodle 2.8.2
Moodle Moodle 2.7.5
Moodle Moodle 2.7.3
Moodle Moodle 2.7.10
Moodle Moodle 2.9.2
Moodle Moodle 2.8.3
Moodle Moodle 2.8.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »