Test ID: 1.3.6.1.4.1.25623.1.1.10.2015.0229
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2015-0229)
Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2015-0229 advisory.
Description:

Vulnerability Insight:
Updated moodle package fixes security vulnerabilities:

In Moodle before 2.6.11, leaving gradebook feedback is a trusted action, and
such capabilities in other modules already have an XSS mask, but
'mod/quiz:grade' was missing this flag (CVE-2015-3174).

In Moodle before 2.6.11, some error messages display a button to return to
the previous page. Redirecting to a non-local referer should not be allowed,
as it can potentially be used for phishing (CVE-2015-3175).

In Moodle before 2.6.11, on sites with self-registration enabled,
unregistered users can retrieve the full name of registered users if they
know their usernames (CVE-2015-3176).

In Moodle before 2.6.11, if a user who is not XSS-trusted attempts to insert
a script as part of the input text, it will be cleaned when displayed on the
Moodle website but may be displayed uncleaned in the external application
because external_format_text() cleans and formats text incorrectly when
returning it from Web Services (CVE-2015-3178).

In Moodle before 2.6.11, when self-registration is enabled and a user's
account was suspended after creating the account but before actually
confirming it, the user is still able to log in when confirming their email,
but only once (CVE-2015-3179).

In Moodle before 2.6.11, if a user is enrolled in a course but their
enrollment is suspended, they cannot access the course but are still able
to see the course structure in the navigation block (CVE-2015-3180).

In Moodle before 2.6.11, users with the revoked capability
'moodle/user:manageownfiles' are still able to upload private files using a
deprecated function in Web Services (CVE-2015-3181).

Affected Software/OS:
'moodle' package(s) on Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-3174
BugTraq ID: 74719
http://www.securityfocus.com/bid/74719
http://openwall.com/lists/oss-security/2015/05/18/1
http://www.securitytracker.com/id/1032358
Common Vulnerability Exposure (CVE) ID: CVE-2015-3175
BugTraq ID: 74720
http://www.securityfocus.com/bid/74720
Common Vulnerability Exposure (CVE) ID: CVE-2015-3176
BugTraq ID: 74644
http://www.securityfocus.com/bid/74644
Common Vulnerability Exposure (CVE) ID: CVE-2015-3178
BugTraq ID: 74726
http://www.securityfocus.com/bid/74726
Common Vulnerability Exposure (CVE) ID: CVE-2015-3179
BugTraq ID: 74725
http://www.securityfocus.com/bid/74725
Common Vulnerability Exposure (CVE) ID: CVE-2015-3180
BugTraq ID: 74729
http://www.securityfocus.com/bid/74729
Common Vulnerability Exposure (CVE) ID: CVE-2015-3181
BugTraq ID: 74728
http://www.securityfocus.com/bid/74728
Copyright: Copyright (C) 2022 Greenbone AG
