Test ID: | 1.3.6.1.4.1.25623.1.0.131276 |
Category: | Mageia Linux Local Security Checks |
Title: | Mageia: Security Advisory (MGASA-2016-0122) |
Summary: | The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2016-0122 advisory. |
Description: |
Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2016-0122 advisory.

Vulnerability Insight:
In Moodle before 2.8.11, teachers who otherwise were not supposed to see students' emails could see them in the participants list (CVE-2016-2151).
In Moodle before 2.8.11, Moodle traditionally trusted content from external DB; however, it was decided that external datasources may not be aware of web security practices and data could cause problems after importing to Moodle (CVE-2016-2152).
In Moodle before 2.8.11, a user with higher permissions could be tricked into clicking a link which would result in Reflected XSS in mod_data advanced search (CVE-2016-2153).
In Moodle before 2.8.11, users without capability to view hidden courses but with capability to subscribe to Event Monitor rules could see the names of hidden courses (CVE-2016-2154).
In Moodle before 2.8.11, the Non-Editing Instructor role can edit the exclude checkbox in the Single View grade report (CVE-2016-2155).
In Moodle before 2.8.11, users without the capability to view hidden activities could still see associated calendar events via web services, via the external function get_calendar_events (CVE-2016-2156).
In Moodle before 2.8.11, CSRF is possible on the Assignment plugin admin page; however, an exploit is unlikely to benefit anybody and can easily be reversed (CVE-2016-2157).
In Moodle before 2.8.11, enumeration of course category details is possible without authentication (CVE-2016-2158).
In Moodle before 2.8.11, students were able to add assignment submissions after the due date through web service, via the external function mod_assign_save_submission (CVE-2016-2159).
In Moodle before 2.8.11, when following external links that were added with the _blank target, a referer header would be added (CVE-2016-2190).

Affected Software/OS: 'moodle' package(s) on Mageia 5.

Solution: Please install the updated package(s).

CVSS Score: 6.8
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-2151
http://www.openwall.com/lists/oss-security/2016/03/21/1
http://www.securitytracker.com/id/1035333
Common Vulnerability Exposure (CVE) ID: CVE-2016-2152
Common Vulnerability Exposure (CVE) ID: CVE-2016-2153
Common Vulnerability Exposure (CVE) ID: CVE-2016-2154
Common Vulnerability Exposure (CVE) ID: CVE-2016-2155
Common Vulnerability Exposure (CVE) ID: CVE-2016-2156
Common Vulnerability Exposure (CVE) ID: CVE-2016-2157
Common Vulnerability Exposure (CVE) ID: CVE-2016-2158
Common Vulnerability Exposure (CVE) ID: CVE-2016-2159
Common Vulnerability Exposure (CVE) ID: CVE-2016-2190 |
Copyright | Copyright (C) 2016 Greenbone AG |