Search CVE reports
621 – 630 of 659 results
Some fixes available 2 of 4
Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | — | — | — | — |
Some fixes available 2 of 4
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table...
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | — | — | — | — |
Some fixes available 2 of 4
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | — | — | — | — |
Some fixes available 4 of 5
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code...
2 affected packages
moodle, roundcube
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | — | — | — | — |
| roundcube | — | — | — | — |
Some fixes available 2 of 4
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | — | — | — | — |
Some fixes available 2 of 4
spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | — | — | — | — |
Some fixes available 2 of 9
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign...
3 affected packages
gallery2, moodle, smarty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gallery2 | — | — | — | — |
| moodle | — | — | — | — |
| smarty | — | — | — | — |
Some fixes available 2 of 9
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php...
3 affected packages
gallery2, moodle, smarty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| gallery2 | — | — | — | — |
| moodle | — | — | — | — |
| smarty | — | — | — | — |
Some fixes available 2 of 23
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote...
10 affected packages
ampache, gforge-plugin-scmcvs, libphp-snoopy, magpierss, mahara...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| ampache | — | — | — | — |
| gforge-plugin-scmcvs | — | — | — | — |
| libphp-snoopy | — | — | — | — |
| magpierss | — | — | — | — |
| mahara | — | — | — | — |
| mediamate | — | — | — | — |
| moodle | — | — | — | — |
| opendb | — | — | — | — |
| pixelpost | — | — | — | — |
| wordpress | — | — | — | — |
Moodle 1.6.5, when display_errors is enabled, allows remote attackers to obtain sensitive information via a direct request to (1) blog/blogpage.php and (2) course/report/stats/report.php, which reveals the installation path in an...
1 affected package
moodle
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| moodle | — | — | — | — |