 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.131146 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2015-0464) |
| Summary: | The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2015-0464 advisory. |
| Description: | Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2015-0464 advisory. Vulnerability Insight: In Moodle before 2.8.9, if guest access is open on the site, unauthenticated users can store Atto draft data through the editor autosave area, which could be exploited in a denial of service attack (CVE-2015-5332). In Moodle before 2.8.9, due to a CSRF issue in the site registration form, it is possible to trick a site admin into sending aggregate stats to an arbitrary domain. The attacker can send the admin a link to a site registration form that will display the correct URL but, if submitted, will register with another hub (CVE-2015-5335). In Moodle before 2.8.9, the standard survey module is vulnerable to XSS attack by students who fill the survey (CVE-2015-5336). In Moodle before 2.8.9, there was a reflected XSS vulnerability in the Flowplayer flash video player (CVE-2015-5337). In Moodle before 2.8.9, password-protected lesson modules are subject to a CSRF vulnerability in the lesson login form (CVE-2015-5338). In Moodle before 2.8.9, through web service core_enrol_get_enrolled_users it is possible to retrieve list of course participants who would not be visible when using web site (CVE-2015-5339). In Moodle before 2.8.9, logged in users who do not have capability 'View available badges without earning them' can still access the full list of badges (CVE-2015-5340). In Moodle before 2.8.9, the SCORM module allows to bypass access restrictions based on date and lets users view the SCORM contents (CVE-2015-5341). In Moodle before 2.8.9, the choice module closing date can be bypassed, allowing users to delete or submit new responses after the choice module was closed (CVE-2015-5342). Affected Software/OS: 'moodle' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 7.1 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-5332 Common Vulnerability Exposure (CVE) ID: CVE-2015-5335 Common Vulnerability Exposure (CVE) ID: CVE-2015-5336 Common Vulnerability Exposure (CVE) ID: CVE-2015-5337 Common Vulnerability Exposure (CVE) ID: CVE-2015-5338 Common Vulnerability Exposure (CVE) ID: CVE-2015-5339 Common Vulnerability Exposure (CVE) ID: CVE-2015-5340 Common Vulnerability Exposure (CVE) ID: CVE-2015-5341 Common Vulnerability Exposure (CVE) ID: CVE-2015-5342 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |