
Test ID: 1.3.6.1.4.1.25623.1.0.131146
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2015-0464)
Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2015-0464 advisory.
Description:
Summary:
The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2015-0464 advisory.

Vulnerability Insight:
In Moodle before 2.8.9, if guest access is open on the site,
unauthenticated users can store Atto draft data through the editor
autosave area, which could be exploited in a denial of service attack
(CVE-2015-5332).

In Moodle before 2.8.9, due to a CSRF issue in the site registration form,
it is possible to trick a site admin into sending aggregate stats to an
arbitrary domain. The attacker can send the admin a link to a site
registration form that will display the correct URL but, if submitted,
will register with another hub (CVE-2015-5335).

In Moodle before 2.8.9, the standard survey module is vulnerable to an XSS
attack by students who fill in the survey (CVE-2015-5336).

In Moodle before 2.8.9, there was a reflected XSS vulnerability in the
Flowplayer flash video player (CVE-2015-5337).

In Moodle before 2.8.9, password-protected lesson modules are subject to a
CSRF vulnerability in the lesson login form (CVE-2015-5338).

In Moodle before 2.8.9, through the web service core_enrol_get_enrolled_users
it is possible to retrieve a list of course participants who would not be
visible when using the web site (CVE-2015-5339).

In Moodle before 2.8.9, logged-in users who do not have the capability 'View
available badges without earning them' can still access the full list of
badges (CVE-2015-5340).

In Moodle before 2.8.9, the SCORM module allows users to bypass access
restrictions based on date and view the SCORM contents
(CVE-2015-5341).

In Moodle before 2.8.9, the choice module closing date can be bypassed,
allowing users to delete or submit new responses after the choice module
was closed (CVE-2015-5342).

Affected Software/OS:
'moodle' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.1

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-5332
Common Vulnerability Exposure (CVE) ID: CVE-2015-5335
Common Vulnerability Exposure (CVE) ID: CVE-2015-5336
Common Vulnerability Exposure (CVE) ID: CVE-2015-5337
Common Vulnerability Exposure (CVE) ID: CVE-2015-5338
Common Vulnerability Exposure (CVE) ID: CVE-2015-5339
Common Vulnerability Exposure (CVE) ID: CVE-2015-5340
Common Vulnerability Exposure (CVE) ID: CVE-2015-5341
Common Vulnerability Exposure (CVE) ID: CVE-2015-5342
Copyright: Copyright (C) 2015 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.