| Max CVSS | 7.5 | Min CVSS | 2.1 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-0800 | 2.1 |
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated b
|
13-02-2023 - 03:25 | 17-07-2012 - 10:20 | |
| CVE-2012-0796 | 4.0 |
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors i
|
13-02-2023 - 03:25 | 17-07-2012 - 10:20 | |
| CVE-2012-0794 | 5.0 |
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic pro
|
13-02-2023 - 03:24 | 17-07-2012 - 10:20 | |
| CVE-2012-0793 | 5.0 |
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
|
13-02-2023 - 00:22 | 17-07-2012 - 10:20 | |
| CVE-2012-0801 | 7.5 |
lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 does not properly handle multiple instances of a form element, which has unspecified impact and remote attack vectors.
|
13-02-2023 - 00:22 | 17-07-2012 - 10:20 | |
| CVE-2012-0792 | 4.0 |
mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.
|
13-02-2023 - 00:22 | 17-07-2012 - 10:20 | |
| CVE-2012-0798 | 5.5 |
The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role.
|
01-12-2020 - 14:43 | 17-07-2012 - 10:20 | |
| CVE-2012-0795 | 6.5 |
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address.
|
01-12-2020 - 14:43 | 17-07-2012 - 10:20 | |
| CVE-2012-0799 | 4.3 |
Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page.
|
01-12-2020 - 14:41 | 17-07-2012 - 10:20 | |
| CVE-2012-0797 | 5.5 |
The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.
|
10-01-2020 - 20:04 | 17-07-2012 - 10:20 |