| Max CVSS | 6.8 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2012-0796 | 4.0 |
class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 and other products, allows remote authenticated users to inject arbitrary e-mail headers via vectors i
|
13-02-2023 - 03:25 | 17-07-2012 - 10:20 | |
| CVE-2012-0794 | 5.0 |
The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 uses a hardcoded password of nfgjeingjk, which makes it easier for remote attackers to defeat cryptographic pro
|
13-02-2023 - 03:24 | 17-07-2012 - 10:20 | |
| CVE-2011-4588 | 5.0 |
The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x before 1.9.15 uses an incorrect data type, which allows remote attackers to bypass intended IP address restrictions via an XMLRPC request.
|
13-02-2023 - 03:23 | 20-07-2012 - 10:40 | |
| CVE-2011-4587 | 6.8 |
lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 does not properly handle certain zero values in the password policy, which makes it easier for remote attackers to obtain access by leveraging the possible ex
|
13-02-2023 - 01:21 | 20-07-2012 - 10:40 | |
| CVE-2011-4586 | 5.0 |
CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks
|
13-02-2023 - 01:21 | 20-07-2012 - 10:40 | |
| CVE-2012-0793 | 5.0 |
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote attackers to view the profile images of arbitrary user accounts via unspecified vectors.
|
13-02-2023 - 00:22 | 17-07-2012 - 10:20 | |
| CVE-2012-0792 | 4.0 |
mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote authenticated users to obtain the names and other details of arbitrary user accounts by searching for posts.
|
13-02-2023 - 00:22 | 17-07-2012 - 10:20 | |
| CVE-2011-4584 | 4.0 |
The MNET authentication functionality in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote authenticated users to impersonate other user accounts by using the Login As feature in conjunction with a remote MNET singl
|
13-02-2023 - 00:21 | 20-07-2012 - 10:40 | |
| CVE-2011-4585 | 5.0 |
login/change_password.php in Moodle 1.9.x before 1.9.15 does not use https for the change-password form even if the httpslogin option is enabled, which allows remote attackers to obtain credentials by sniffing the network.
|
13-02-2023 - 00:21 | 20-07-2012 - 10:40 | |
| CVE-2011-4308 | 4.0 |
mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors.
|
01-12-2020 - 14:43 | 11-07-2012 - 10:26 | |
| CVE-2012-0795 | 6.5 |
Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address.
|
01-12-2020 - 14:43 | 17-07-2012 - 10:20 |