Vulnerabilities > Moodle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-04-29 | CVE-2010-1614 | Cross-Site Scripting vulnerability in Moodle Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. | 4.3 |
| 2010-04-29 | CVE-2010-1613 | Improper Authentication vulnerability in Moodle Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks. | 6.8 |
| 2009-12-16 | CVE-2009-4305 | SQL Injection vulnerability in Moodle SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)." | 6.5 |
| 2009-12-16 | CVE-2009-4304 | Credentials Management vulnerability in Moodle Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random password salt in config.php, which makes it easier for attackers to conduct brute-force password guessing attacks. | 7.5 |
| 2009-12-16 | CVE-2009-4303 | Information Exposure vulnerability in Moodle Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password hashes and (2) unspecified "secrets" in backup files, which might allow attackers to obtain sensitive information. | 5.0 |
| 2009-12-16 | CVE-2009-4302 | Cryptographic Issues vulnerability in Moodle login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 links to an index page on the HTTP port even when the page is served from an HTTPS port, which might cause login credentials to be sent in cleartext, even when SSL is intended, and allows remote attackers to obtain these credentials by sniffing. | 5.0 |
| 2009-12-16 | CVE-2009-4301 | Permissions, Privileges, and Access Controls vulnerability in Moodle mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions. | 6.0 |
| 2009-12-16 | CVE-2009-4300 | Information Exposure vulnerability in Moodle Multiple unspecified authentication plugins in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 store the MD5 hashes for passwords in the user table, even when the cached hashes are not used by the plugin, which might make it easier for attackers to obtain credentials via unspecified vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4299 | Permissions, Privileges, and Access Controls vulnerability in Moodle mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4298 | Information Exposure vulnerability in Moodle The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors. | 5.0 |