Download
| Alert*
|
oval:org.secpod.oval:def:600744
Several security issues have been fixed in Moodle, a course management system for online learning: CVE-2011-4308 / CVE-2012-0792 Rossiani Wijaya discovered an information leak in mod/forum/user.php CVE-2011-4584 MNET authentication didn"t prevent a user using "Login As" from jumping to a r ... oval:org.secpod.oval:def:1901750 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability can access other users" Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging ... oval:org.secpod.oval:def:1901740 A vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities oval:org.secpod.oval:def:1901746 A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Links within assignment submission comments would open directly . Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploit ... oval:org.secpod.oval:def:106097 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. |
