
Test ID: 1.3.6.1.4.1.25623.1.0.63060
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 1691-1 (moodle)
Summary: Debian Security Advisory DSA 1691-1 (moodle)
Description: The remote host is missing an update to moodle
announced via advisory DSA 1691-1.

Several remote vulnerabilities have been discovered in Moodle, an online
course management system. The following issues are addressed in this
update, ranging from cross site scripting to remote code execution.

Various cross site scripting issues in the Moodle codebase
(CVE-2008-3326, CVE-2008-3325, CVE-2007-3555, CVE-2008-5432,
MSA-08-0021, MDL-8849, MDL-12793, MDL-11414, MDL-14806,
MDL-10276).

Various cross site request forgery issues in the Moodle codebase
(CVE-2008-3325, MSA-08-0023).

Privilege escalation bugs in the Moodle codebase (MSA-08-0001, MDL-7755).

SQL injection issue in the hotpot module (MSA-08-0010).

An embedded copy of Smarty had several vulnerabilities
(CVE-2008-4811, CVE-2008-4810).
An embedded copy of Snoopy was vulnerable to cross site scripting
(CVE-2008-4796).
An embedded copy of Kses was vulnerable to cross site scripting
(CVE-2008-1502).

For the stable distribution (etch), these problems have been fixed in
version 1.6.3-2+etch1.

For the unstable distribution (sid), these problems have been fixed in
version 1.8.2.dfsg-2.

We recommend that you upgrade your moodle (1.6.3-2+etch1) package.

Solution:
http://www.securityspace.com/smysecure/catid.html?in=DSA%201691-1
Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2007-3555
Bugtraq: 20070703 Moodle XSS / Liesbeth base CMS sensitive information disclosure (Google Search)
http://www.securityfocus.com/archive/1/archive/1/472727/100/0/threaded
http://securityvulns.ru/Rdocument391.html
http://websecurity.com.ua/1045/
Debian Security Information: DSA-1691 (Google Search)
http://www.debian.org/security/2008/dsa-1691
BugTraq ID: 24748
http://www.securityfocus.com/bid/24748
http://www.osvdb.org/36366
http://www.securitytracker.com/id?1018333
http://secunia.com/advisories/25929
http://securityreason.com/securityalert/2857
XForce ISS Database: moodle-search-xss(35239)
http://xforce.iss.net/xforce/xfdb/35239
Common Vulnerability Exposure (CVE) ID: CVE-2008-1502
http://www.egroupware.org/viewvc/branches/1.4/phpgwapi/inc/class.kses.inc.php?r1=23625&r2=25110&pathrev=25110
http://www.openwall.com/lists/oss-security/2008/07/08/14
Debian Security Information: DSA-1871 (Google Search)
http://www.debian.org/security/2009/dsa-1871
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00331.html
http://www.gentoo.org/security/en/glsa/glsa-200805-04.xml
SuSE Security Announcement: SUSE-SR:2008:015 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html
http://www.ubuntulinux.org/support/documentation/usn/usn-658-1
BugTraq ID: 28424
http://www.securityfocus.com/bid/28424
http://secunia.com/advisories/31167
http://www.vupen.com/english/advisories/2008/0989/references
http://secunia.com/advisories/29491
http://secunia.com/advisories/30073
http://secunia.com/advisories/31018
http://secunia.com/advisories/32446
http://secunia.com/advisories/30986
http://secunia.com/advisories/31017
http://secunia.com/advisories/32400
XForce ISS Database: egroupware-badprotocolonce-security-bypass(41435)
http://xforce.iss.net/xforce/xfdb/41435
Common Vulnerability Exposure (CVE) ID: CVE-2008-3325
Bugtraq: 20080722 PR08-16: CSRF (Cross-site Request Forgery) on Moodle edit profile page (Google Search)
http://www.securityfocus.com/archive/1/archive/1/494658/100/0/threaded
http://www.procheckup.com/Vulnerability_PR08-16.php
SuSE Security Announcement: SUSE-SR:2008:016 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html
http://secunia.com/advisories/31196
http://secunia.com/advisories/31339
XForce ISS Database: moodle-editprofile-csrf(43964)
http://xforce.iss.net/xforce/xfdb/43964
Common Vulnerability Exposure (CVE) ID: CVE-2008-3326
Bugtraq: 20080722 PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title (Google Search)
http://www.securityfocus.com/archive/1/archive/1/494656/100/0/threaded
http://www.milw0rm.com/exploits/6653
http://www.procheckup.com/Vulnerability_PR08-13.php
BugTraq ID: 30348
http://www.securityfocus.com/bid/30348
XForce ISS Database: moodle-edit-xss(43961)
http://xforce.iss.net/xforce/xfdb/43961
Common Vulnerability Exposure (CVE) ID: CVE-2008-4796
Bugtraq: 20080907 xoops-1.3.10 shell command execute vulnerability ( causing snoopy class ) (Google Search)
http://www.securityfocus.com/archive/1/archive/1/496068/100/0/threaded
http://www.openwall.com/lists/oss-security/2008/11/01/1
http://jvn.jp/en/jp/JVN20502807/index.html
http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000074.html
BugTraq ID: 31887
http://www.securityfocus.com/bid/31887
http://www.vupen.com/english/advisories/2008/2901
http://secunia.com/advisories/32361
XForce ISS Database: snoopy-snoopyclass-command-execution(46068)
http://xforce.iss.net/xforce/xfdb/46068
Common Vulnerability Exposure (CVE) ID: CVE-2008-4810
http://www.openwall.com/lists/oss-security/2008/10/25/2
http://securityvulns.ru/Udocument746.html
BugTraq ID: 31862
http://www.securityfocus.com/bid/31862
http://secunia.com/advisories/32329
XForce ISS Database: smarty-expandquotedtext-code-execution(46031)
http://xforce.iss.net/xforce/xfdb/46031
Common Vulnerability Exposure (CVE) ID: CVE-2008-4811
XForce ISS Database: smarty-expandquotedtext-code-execution1(46406)
http://xforce.iss.net/xforce/xfdb/46406
Common Vulnerability Exposure (CVE) ID: CVE-2008-5432
http://www.openwall.com/lists/oss-security/2008/12/09/4
SuSE Security Announcement: SUSE-SR:2009:003 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html
BugTraq ID: 32714
http://www.securityfocus.com/bid/32714
http://secunia.com/advisories/33079
http://www.vupen.com/english/advisories/2008/3405
http://secunia.com/advisories/33822
XForce ISS Database: moodle-pagetitles-xss(47193)
http://xforce.iss.net/xforce/xfdb/47193
Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
