厂商或团体 moodle 的搜索结果 (342)

CVE-2016-5014(发布:2017-01-20 03:59:00)NMS
CVSS5.8

[原文]In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

CVE-2016-5012(发布:2017-01-20 03:59:00)NMS
CVSS5.0

[原文]In Moodle 3.x, glossary search displays entries without checking user permissions to view them.

CVE-2016-9188(发布:2016-11-04 06:59:08)NMS
CVSS4.3

[原文]Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.

CVE-2016-9187(发布:2016-11-04 06:59:07)NMS
CVSS6.5

[原文]Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

CVE-2016-9186(发布:2016-11-04 06:59:06)NMS
CVSS6.5

[原文]Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, and then accessing it via unspecified vectors.

CVE-2016-7919(发布:2016-10-28 11:59:00)NMS
CVSS5.0

[原文]** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component. NOTE: the vendor disputes the relevance of this report, noting that "the person who is installing Moodle must know database access credentials and they can access the database directly; there is no need for them to create a SQL injection in one of the installation dialogue fields."

首页上一页345678910下一页尾页 第5页 / 共57页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站