Vulnerabilities > Moodle > Moodle > 2.1.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-07-20 | CVE-2011-4583 | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | 6.5 |
2012-07-20 | CVE-2011-4582 | Improper Input Validation vulnerability in Moodle 2.1.0/2.1.1/2.1.2 Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | 4.9 |
2012-07-17 | CVE-2012-0799 | Information Exposure vulnerability in Moodle Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | 4.3 |
2012-07-17 | CVE-2012-0798 | Permissions, Privileges, and Access Controls vulnerability in Moodle The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | 5.5 |
2012-07-17 | CVE-2012-0797 | Configuration vulnerability in Moodle The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | 5.5 |
2012-07-17 | CVE-2012-0795 | Improper Input Validation vulnerability in Moodle Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | 6.5 |
2011-12-22 | CVE-2011-4203 | Code Injection vulnerability in Moodle CRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable. | 5.0 |