English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.10.2013.0217
Category:Mageia Linux Local Security Checks
Title:Mageia: Security Advisory (MGASA-2013-0217)
Summary:The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2013-0217 advisory.
Description:Summary:
The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2013-0217 advisory.

Vulnerability Insight:
Flash files distributed with the YUI library in Moodle before 2.4.5 may have
allowed for cross-site scripting attacks (MSA-13-0025).

Privacy settings for the IMS-LTI (External tool) module in Moodle before
2.4.5 were not able to be changed so personal information was always
transferred (MSA-13-0026).

Users were able to access a daemon-mode Chat activity in Moodle before 2.4.5
without the required capability (CVE-2013-2242).

It was possible to determine answers from ID values in Lesson activity
matching questions in Moodle before 2.4.5 (CVE-2013-2243).

Conditional access rule values for user fields were able to contain unescaped
HTML/JS that would be output to users in Moodle before 2.4.5 (CVE-2013-2244).

When impersonating another user using RSS tokens in Moodle before 2.4.5, an
error was displayed, but block information relevant to the person being
impersonated was shown (CVE-2013-2245).

The Feedback module in Moodle before 2.4.5 was showing personal information
to users without the needed capability (CVE-2013-2246).

Affected Software/OS:
'moodle' package(s) on Mageia 3.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2013-2242
Common Vulnerability Exposure (CVE) ID: CVE-2013-2243
Common Vulnerability Exposure (CVE) ID: CVE-2013-2244
Common Vulnerability Exposure (CVE) ID: CVE-2013-2245
Common Vulnerability Exposure (CVE) ID: CVE-2013-2246
CopyrightCopyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.