 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.1.10.2014.0160 |
| Categoría: | Mageia Linux Local Security Checks |
| Título: | Mageia: Security Advisory (MGASA-2014-0160) |
| Resumen: | The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0160 advisory. |
| Descripción: | Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0160 advisory. Vulnerability Insight: Updated moodle package fixes security vulnerabilities: In Moodle before 2.4.9, question strings were not being filtered correctly possibly allowing cross site scripting, as quiz_question_tostring can cause invalid HTML (CVE-2014-2571). Feedback Availability dates not honored in complete.php in Moodle before 2.4.9, therefore it was possible to start a Feedback activity while it was supposed to be closed (CVE-2014-0127). Broken access control vulnerability in Moodle before 2.4.9 with /mod/chat/chat_ajax.php, where capabilities to chat were being checked at the start of a chat, but not during, so changes were not effective immediately (CVE-2014-0122). In Moodle before 2.4.9, there were missing access checks on Wiki pages allowing students to see pages of other students' individual wikis, through the Recent activity block (CVE-2014-0123). In Moodle before 2.4.9, cross site scripting was possible with Flowplayer (CVE-2013-7341). In Moodle before 2.4.9, Forum and Quiz were showing users' email addresses when settings were supposed to be preventing this (CVE-2014-0124). In Moodle before 2.4.9, alias links to items in an Alfresco repository were provided with information that would allow someone to impersonate the file owner in Alfresco (CVE-2014-0125). Cross Site Request Forgery in Moodle before 2.4.9 in enrol/imsenterprise/importnow.php, due to inadequate session checking when triggering the import of IMS Enterprise identities (CVE-2014-0126). Affected Software/OS: 'moodle' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2013-7341 http://openwall.com/lists/oss-security/2014/03/17/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-0122 [oss-security] 20140317 Moodle security notifications public http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082 https://moodle.org/mod/forum/discuss.php?d=256418 Common Vulnerability Exposure (CVE) ID: CVE-2014-0123 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990 https://moodle.org/mod/forum/discuss.php?d=256419 Common Vulnerability Exposure (CVE) ID: CVE-2014-0124 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916 https://moodle.org/mod/forum/discuss.php?d=256421 Common Vulnerability Exposure (CVE) ID: CVE-2014-0125 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409 https://moodle.org/mod/forum/discuss.php?d=256422 Common Vulnerability Exposure (CVE) ID: CVE-2014-0126 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146 https://moodle.org/mod/forum/discuss.php?d=256423 Common Vulnerability Exposure (CVE) ID: CVE-2014-0127 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656 https://moodle.org/mod/forum/discuss.php?d=256417 Common Vulnerability Exposure (CVE) ID: CVE-2014-2571 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |