| Max CVSS | 10.0 | Min CVSS | 2.6 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2008-4796 | 10.0 |
The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 and earlier, as used in (1) ampache, (2) libphp-snoopy, (3) mahara, (4) mediamate, (5) opendb, (6) pixelpost, and possibly other products, allows remote attackers to execute arbitra
|
30-09-2021 - 15:13 | 30-10-2008 - 20:56 | |
| CVE-2008-1502 | 4.3 |
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks
|
01-12-2020 - 14:52 | 25-03-2008 - 19:44 | |
| CVE-2008-5432 | 4.3 |
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
|
01-12-2020 - 14:43 | 11-12-2008 - 15:30 | |
| CVE-2008-3326 | 2.6 |
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
|
01-12-2020 - 14:43 | 25-07-2008 - 16:41 | |
| CVE-2008-6125 | 6.5 |
Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.
|
08-11-2018 - 20:20 | 13-02-2009 - 01:30 | |
| CVE-2008-6124 | 7.5 |
SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary SQL comma
|
08-11-2018 - 20:20 | 13-02-2009 - 01:30 | |
| CVE-2008-3325 | 6.0 |
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page.
|
01-11-2018 - 15:10 | 25-07-2008 - 16:41 | |
| CVE-2007-3555 | 4.3 |
Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows remote attackers to inject arbitrary web script or HTML via a style expression in the search parameter, a different vulnerability than CVE-2004-1424.
|
15-10-2018 - 21:29 | 04-07-2007 - 15:30 | |
| CVE-2008-4811 | 7.5 |
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 r2797 and earlier allows remote attackers to execute arbitrary PHP code via vectors related to templates and a \ (backslash) before a dollar-sign character.
|
08-08-2017 - 01:32 | 31-10-2008 - 18:09 | |
| CVE-2008-4810 | 7.5 |
The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka "php executed in templates;"
|
08-08-2017 - 01:32 | 31-10-2008 - 18:09 |