Download
| Alert*
CVE-2012-1155
Moodle has a database activity export permission issue where the export function of the database activity module exports all entries even those from groups the user does not belong to CVE-2012-1156 Moodle before 2.2.2 has users' private files included in course backups CVE-2012-1157 Moodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default CVE-2012-1168 Moodle before 2.2.2 has a password and web services issue where when the user profile is updated the user password is reset if not specified. CVE-2012-1158 Moodle before 2.2.2 has a course information leak in gradebook where users are able to see hidden grade items in export CVE-2012-1169 Moodle before 2.2.2 has Personal information disclosure, when administrative setting users name display is set to first name only full names are shown in page breadcrumbs. CVE-2012-1159 Moodle before 2.2.2: Overview report allows users to see hidden courses CVE-2012-1170 Moodle before 2.2.2 has an external enrolment plugin context check issue where capability checks are not thorough CVE-2012-1160 Moodle before 2.2.2 has a permission issue in Forum Subscriptions where unenrolled users can subscribe/unsubscribe via mod/forum/index.php CVE-2012-1161 Moodle before 2.2.2: Course information leak via hidden courses being displayed in tag search results |