Skip to main content
CVE-2016-2037 MEDIUM This Month

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.4% and no vendor patch available.

Denial Of Service Buffer Overflow Cpio Debian Linux
NVD
CVSS 3.0
6.5
EPSS
19.4%
CVE-2016-2316 MEDIUM POC This Month

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Fedora Asterisk Certified Asterisk
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2016-2536 HIGH This Week

Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SAP 3D Visual Enterprise Viewer Sketchup
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2015-5338 HIGH PATCH This Week

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF PHP Moodle
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-2232 MEDIUM This Month

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Asterisk Certified Asterisk
NVD
CVSS 3.0
6.5
EPSS
7.9%
CVE-2015-5267 HIGH PATCH This Week

lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2015-3272 HIGH PATCH This Week

Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Open Redirect Moodle
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2015-5332 MEDIUM This Month

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Moodle
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2015-5266 MEDIUM PATCH This Month

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable.

PHP Privilege Escalation Moodle
NVD
CVSS 3.0
6.8
EPSS
0.2%
CVE-2016-0725 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Fedora Moodle
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2015-5337 MEDIUM PATCH This Month

Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-3275 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Moodle
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-3274 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS PHP Moodle
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2015-5264 MEDIUM PATCH This Month

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Moodle
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5269 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS PHP Moodle
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2015-5336 MEDIUM PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Moodle
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2016-0724 MEDIUM PATCH This Month

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Fedora
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2015-5268 MEDIUM PATCH This Month

The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2015-3273 MEDIUM This Month

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Moodle
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2015-5265 MEDIUM PATCH This Month

The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Moodle
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2015-5272 MEDIUM This Month

The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Moodle
NVD
CVSS 3.0
4.3
EPSS
0.3%
CVE-2015-5342 MEDIUM PATCH This Month

The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Moodle
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5331 MEDIUM PATCH This Month

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5340 MEDIUM PATCH This Month

Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5339 MEDIUM PATCH This Month

The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

PHP Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5341 MEDIUM PATCH This Month

mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
0.2%
CVE-2015-5335 MEDIUM PATCH This Month

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

CSRF PHP Information Disclosure Moodle
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy