Description
admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 does not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to discover hidden course names by subscribing to a rule.
Remediation
References
Related Vulnerabilities
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5252)
WordPress 3.0.1 Multiple Vulnerabilities (0.6.2 - 3.0.1)
WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.2.8)
Oracle HTTP Server Other Vulnerability (CVE-1999-1125)
Django Resource Management Errors Vulnerability (CVE-2011-4137)