厂商或团体 moodle 的搜索结果 (329)

CVE-2016-5012(发布:2017-01-20 03:59:00)NMS
CVSS5.0

[原文]In Moodle 3.x, glossary search displays entries without checking user permissions to view them.

CVE-2016-9188(发布:2016-11-04 06:59:08)NMS
CVSS4.3

[原文]Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.

CVE-2016-9187(发布:2016-11-04 06:59:07)NMS
CVSS6.5

[原文]Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

CVE-2016-9186(发布:2016-11-04 06:59:06)NMS
CVSS6.5

[原文]Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

CVE-2016-7919(发布:2016-10-28 11:59:00)NMS
CVSS5.0

[原文]** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields."

CVE-2016-2190(发布:2016-05-22 16:59:09)NM
CVSS5.0

[原文]Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.

首页上一页12345678下一页尾页 第3页 / 共55页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站