Test ID: | 1.3.6.1.4.1.25623.1.1.10.2015.0110 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2015-0110) |
Summary: | The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2015-0110 advisory. |
Description: |
Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2015-0110 advisory.

Vulnerability Insight: Updated moodle package fixes security vulnerabilities:

- In Moodle before 2.6.9, by modifying the URL, a logged-in user can view the list of another user's contacts, the number of unread messages and the list of their courses (CVE-2015-2266).
- In Moodle before 2.6.9, authentication in mdeploy can be bypassed. It is theoretically possible to extract files anywhere on the system where the web server has write access. The attacking user must know details about the system and already have significant permissions on the site (CVE-2015-2267).
- In Moodle before 2.6.9, a non-optimal regular expression in the 'Convert links to URLs' filter could be exploited to create extra server load or make particular pages unavailable (CVE-2015-2268).
- In Moodle before 2.6.9, it is possible to create HTML injection through blocks with configurable titles; however, this could only be exploited by users who are already marked as XSS-trusted (CVE-2015-2269).
- In Moodle before 2.6.9, for custom themes that use block regions in the base layout, the blocks for inaccessible courses could be displayed together with sensitive course-related information. Most themes, including all standard Moodle themes, are not affected (CVE-2015-2270).
- In Moodle before 2.6.9, users without proper permission are able to mark tags as inappropriate. Since this capability is given to authenticated users by default, this is not an issue for most sites (CVE-2015-2271).
- In Moodle before 2.6.9, even when a user's password is forced to be changed on login, the user could still use it for authentication in order to create a web service token and therefore extend the life of the temporary password via web services (CVE-2015-2272).
- In Moodle before 2.6.9, the Quiz statistics report did not properly escape student responses and could be used for an XSS attack (CVE-2015-2273).

Affected Software/OS: 'moodle' package(s) on Mageia 4.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-2266
http://openwall.com/lists/oss-security/2015/03/16/1
Common Vulnerability Exposure (CVE) ID: CVE-2015-2267
Common Vulnerability Exposure (CVE) ID: CVE-2015-2268
Common Vulnerability Exposure (CVE) ID: CVE-2015-2269
Common Vulnerability Exposure (CVE) ID: CVE-2015-2270
Common Vulnerability Exposure (CVE) ID: CVE-2015-2271
Common Vulnerability Exposure (CVE) ID: CVE-2015-2272
BugTraq ID: 73166
http://www.securityfocus.com/bid/73166
Common Vulnerability Exposure (CVE) ID: CVE-2015-2273 |
Copyright | Copyright (C) 2022 Greenbone AG |