| Bug | Description |
|---|
| CVE-2004-0725 | Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ... |
| CVE-2004-1424 | Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ... |
| CVE-2004-1425 | Directory traversal vulnerability in file.php in Moodle 1.4.2 and ... |
| CVE-2004-1711 | Cross-site scripting (XSS) vulnerability in post.php in Moodle before ... |
| CVE-2004-1978 | Cross-site scripting (XSS) vulnerability in help.php in Moodle before ... |
| CVE-2004-2232 | SQL injection vulnerability in sql.php in the Glossary module in ... |
| CVE-2004-2233 | Unknown "front page vulnerability with Moodle servers" for Moodle ... |
| CVE-2004-2234 | Unknown vulnerability in Moodle before 1.2 allows teachers to log in ... |
| CVE-2004-2235 | Unknown vulnerability in Moodle before 1.2 has unknown impact and ... |
| CVE-2004-2236 | Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ... |
| CVE-2004-2237 | Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ... |
| CVE-2004-2664 | John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ... |
| CVE-2005-2247 | Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ... |
| CVE-2005-3648 | Multiple SQL injection vulnerabilities in the get_record function in ... |
| CVE-2005-3649 | jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ... |
| CVE-2005-4600 | Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ... |
| CVE-2006-0146 | The server.php test script in ADOdb for PHP before 4.70, as used in ... |
| CVE-2006-0147 | Dynamic code evaluation vulnerability in tests/tmssql.php test script ... |
| CVE-2006-0410 | SQL injection vulnerability in ADOdb before 4.71, when using ... |
| CVE-2006-0806 | Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ... |
| CVE-2006-4618 | PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ... |
| CVE-2006-4784 | Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ... |
| CVE-2006-4785 | SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and ... |
| CVE-2006-4786 | Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ... |
| CVE-2006-4935 | The Database module in Moodle before 1.6.2 does not properly handle ... |
| CVE-2006-4936 | Moodle before 1.6.2 does not properly validate the module instance id ... |
| CVE-2006-4937 | lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ... |
| CVE-2006-4938 | help.php in Moodle before 1.6.2 does not check the existence of ... |
| CVE-2006-4939 | backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ... |
| CVE-2006-4940 | login/forgot_password.php in Moodle before 1.6.2 allows remote ... |
| CVE-2006-4941 | Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ... |
| CVE-2006-4942 | Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ... |
| CVE-2006-4943 | course/jumpto.php in Moodle before 1.6.2 does not validate the session ... |
| CVE-2006-5219 | SQL injection vulnerability in blog/index.php in the blog module in ... |
| CVE-2006-6625 | Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ... |
| CVE-2006-6626 | Cross-site scripting (XSS) vulnerability in an unspecified component ... |
| CVE-2007-1429 | Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ... |
| CVE-2007-1647 | Moodle 1.5.2 and earlier stores sensitive information under the web ... |
| CVE-2007-2326 | Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ... |
| CVE-2007-2385 | The Yahoo! UI framework exchanges data using JavaScript Object ... |
| CVE-2007-3215 | PHPMailer 1.7, when configured to use sendmail, allows remote ... |
| CVE-2007-3555 | Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ... |
| CVE-2007-6538 | SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ... |
| CVE-2008-1066 | The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ... |
| CVE-2008-1502 | The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ... |
| CVE-2008-3325 | Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ... |
| CVE-2008-3326 | Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ... |
| CVE-2008-4796 | The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ... |
| CVE-2008-4810 | The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ... |
| CVE-2008-4811 | The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ... |
| CVE-2008-5153 | spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ... |
| CVE-2008-5432 | Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ... |
| CVE-2008-5619 | html2text.php in Chuggnutt HTML to Text Converter, as used in ... |
| CVE-2008-6124 | SQL injection vulnerability in the hotpot_delete_selected_attempts ... |
| CVE-2008-6125 | Unspecified vulnerability in the user editing interface in Moodle ... |
| CVE-2009-0499 | Cross-site request forgery (CSRF) vulnerability in the forum code in ... |
| CVE-2009-0500 | Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle ... |
| CVE-2009-0501 | Unspecified vulnerability in the Calendar export feature in Moodle 1.8 ... |
| CVE-2009-0502 | Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php ... |
| CVE-2009-1171 | The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 ... |
| CVE-2009-4297 | Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ... |
| CVE-2009-4298 | The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ... |
| CVE-2009-4299 | mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ... |
| CVE-2009-4300 | Multiple unspecified authentication plugins in Moodle 1.8 before ... |
| CVE-2009-4301 | mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ... |
| CVE-2009-4302 | login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ... |
| CVE-2009-4303 | Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ... |
| CVE-2009-4304 | Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ... |
| CVE-2009-4305 | SQL injection vulnerability in the SCORM module in Moodle 1.8 before ... |
| CVE-2010-1613 | Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate ... |
| CVE-2010-1614 | Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ... |
| CVE-2010-1615 | Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ... |
| CVE-2010-1616 | Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ... |
| CVE-2010-1617 | user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ... |
| CVE-2010-1618 | Cross-site scripting (XSS) vulnerability in the phpCAS client library ... |
| CVE-2010-1619 | Cross-site scripting (XSS) vulnerability in the ... |
| CVE-2010-2228 | Cross-site scripting (XSS) vulnerability in the MNET access-control ... |
| CVE-2010-2229 | Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php ... |
| CVE-2010-2230 | The KSES text cleaning filter in lib/weblib.php in Moodle before ... |
| CVE-2010-2231 | Cross-site request forgery (CSRF) vulnerability in ... |
| CVE-2010-2479 | Cross-site scripting (XSS) vulnerability in HTML Purifier before ... |
| CVE-2010-2795 | phpCAS before 1.1.2 allows remote authenticated users to hijack ... |
| CVE-2010-2796 | Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ... |
| CVE-2010-3690 | Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ... |
| CVE-2010-3691 | PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ... |
| CVE-2010-3692 | Directory traversal vulnerability in the callback function in ... |
| CVE-2010-4536 | Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ... |
| CVE-2011-4133 | MSA-11-0002 |
| CVE-2011-4278 | MSA-11-0003 |
| CVE-2011-4279 | MSA-11-0004 |
| CVE-2011-4280 | MSA-11-0005 |
| CVE-2011-4281 | MSA-11-0006 |
| CVE-2011-4282 | MSA-11-0007 |
| CVE-2011-4283 | MSA-11-0008 |
| CVE-2011-4284 | MSA-11-0009 |
| CVE-2011-4285 | MSA-11-0010 |
| CVE-2011-4286 | MSA-11-0011 |
| CVE-2011-4287 | MSA-11-0012 |
| CVE-2011-4288 | MSA-11-0013 |
| CVE-2011-4289 | MSA-11-0014 |
| CVE-2011-4290 | MSA-11-0015 |
| CVE-2011-4291 | MSA-11-0016 |
| CVE-2011-4292 | MSA-11-0017 |
| CVE-2011-4293 | MSA-11-0019 |
| CVE-2011-4294 | MSA-11-0020 |
| CVE-2011-4295 | MSA-11-0021 |
| CVE-2011-4296 | MSA-11-0022 |
| CVE-2011-4297 | MSA-11-0023 |
| CVE-2011-4298 | MSA-11-0027 |
| CVE-2011-4299 | MSA-11-0028 |
| CVE-2011-4300 | MSA-11-0029 |
| CVE-2011-4301 | MSA-11-0031 |
| CVE-2011-4302 | MSA-11-0032 |
| CVE-2011-4303 | MSA-11-0033 |
| CVE-2011-4304 | MSA-11-0034 |
| CVE-2011-4305 | MSA-11-0036 |
| CVE-2011-4306 | MSA-11-0037 |
| CVE-2011-4307 | MSA-11-0039 |
| CVE-2011-4308 | MSA-11-0040 |
| CVE-2011-4309 | MSA-11-0041 |
| CVE-2011-4581 | |
| CVE-2011-4582 | |
| CVE-2011-4583 | |
| CVE-2011-4584 | |
| CVE-2011-4585 | |
| CVE-2011-4586 | |
| CVE-2011-4587 | |
| CVE-2011-4588 | |
| CVE-2011-4589 | |
| CVE-2011-4590 | |
| CVE-2011-4591 | |
| CVE-2011-4592 | |
| CVE-2011-4593 | |
| CVE-2012-0792 | MSA-12-0002: Personal information leak |
| CVE-2012-0793 | MSA-12-0004: Added profile image security |
| CVE-2012-0794 | MSA-12-0005: Encryption enhancement |
| CVE-2012-0795 | MSA-12-0006: Additional email address validation |
| CVE-2012-0796 | MSA-12-0007: Email injection prevention |
| CVE-2012-0797 | MSA-12-0008: Unsynchronised access via tokens |
| CVE-2012-0798 | MSA-12-0009: Role access issue |
| CVE-2012-0799 | MSA-12-0010: Unauthorised access to session key |
| CVE-2012-0800 | MSA-12-0011: Browser autofill password issue |
| CVE-2012-0801 | MSA-12-0012: Form validation issue |
| CVE-2012-1156 | |
| CVE-2012-1157 | |
| CVE-2012-1158 | |
| CVE-2012-1159 | |
| CVE-2012-1160 | |
| CVE-2012-1161 | |
| CVE-2012-1168 | |
| CVE-2012-1169 | |
| CVE-2012-1170 | |
| TEMP-0000000-5CAA34 | Unspecified issue in moodle's admin/delete.php |
| TEMP-0000000-EA71EF | moodle unspecified security bug in the forum module (discuss.php) |
| TEMP-0495985-D91305 | tcpdf code execution via tcpdf tag |