Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0308 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2014-0308) |
Summary: | The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0308 advisory. |
Description: |
Vulnerability Insight:
- In Moodle before 2.6.4, serialised data passed by repositories could potentially contain objects defined by add-ons that could include executable code (CVE-2014-3541).
- In Moodle before 2.6.4, it was possible for manipulated XML files passed from LTI servers to be interpreted by Moodle to allow access to server-side files (CVE-2014-3542).
- In Moodle before 2.6.4, it was possible for manipulated XML files to be uploaded to the IMSCC course format or the IMSCP resource to allow access to server-side files (CVE-2014-3543).
- In Moodle before 2.6.4, filtering of the Skype profile field was not removing potentially harmful code (CVE-2014-3544).
- In Moodle before 2.6.4, it was possible to inject code into Calculated questions that would be executed on the server (CVE-2014-3545).
- In Moodle before 2.6.4, it was possible to get limited user information, such as user name and courses, by manipulating the URL of profile and notes pages (CVE-2014-3546).
- In Moodle before 2.6.4, the details of badges from external sources were not being filtered (CVE-2014-3547).
- In Moodle before 2.6.4, content of exception dialogues presented from AJAX calls was not being escaped before being presented to users (CVE-2014-3548).
- In Moodle before 2.6.4, fields in rubrics were not being correctly filtered (CVE-2014-3551).
- In Moodle before 2.6.4, forum was allowing users who were members of more than one group to post to all groups without the capability to access all groups (CVE-2014-3553).

The moodle package has been updated to version 2.6.4 to fix these issues and other bugs.

Affected Software/OS: 'moodle' package(s) on Mageia 3, Mageia 4.

Solution: Please install the updated package(s).

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3541
  - http://openwall.com/lists/oss-security/2014/07/21/1
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3542
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3543
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3544
  - BugTraq ID: 68756
  - http://www.securityfocus.com/bid/68756
  - http://www.exploit-db.com/exploits/34169
  - http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
  - http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
  - http://osvdb.org/show/osvdb/109337
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3545
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3546
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3547
  - BugTraq ID: 68758
  - http://www.securityfocus.com/bid/68758
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3548
  - BugTraq ID: 68766
  - http://www.securityfocus.com/bid/68766
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3551
  - BugTraq ID: 68763
  - http://www.securityfocus.com/bid/68763
- Common Vulnerability Exposure (CVE) ID: CVE-2014-3553 |
Copyright | Copyright (C) 2022 Greenbone AG |