Vulnerabilities > Moodle > Moodle > 2.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-07-20 | CVE-2011-4589 | Permissions, Privileges, and Access Controls vulnerability in Moodle backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | 5.5 |
2012-07-20 | CVE-2011-4583 | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | 6.5 |
2012-07-17 | CVE-2012-0799 | Information Exposure vulnerability in Moodle Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | 4.3 |
2012-07-17 | CVE-2012-0797 | Configuration vulnerability in Moodle The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | 5.5 |
2012-07-17 | CVE-2012-0795 | Improper Input Validation vulnerability in Moodle Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | 6.5 |
2012-07-11 | CVE-2011-4308 | Permissions, Privileges, and Access Controls vulnerability in Moodle mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, and 2.1.x before 2.1.2 allows remote authenticated users to discover the names of other users via unspecified vectors. | 4.0 |
2011-12-22 | CVE-2011-4203 | Code Injection vulnerability in Moodle CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | 5.0 |