 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.1.10.2014.0308 |
| Category: | Mageia Linux Local Security Checks |
| Title: | Mageia: Security Advisory (MGASA-2014-0308) |
| Summary: | The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0308 advisory. |
| Description: | Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0308 advisory. Vulnerability Insight: In Moodle before 2.6.4, serialised data passed by repositories could potentially contain objects defined by add-ons that could include executable code (CVE-2014-3541). In Moodle before 2.6.4, it was possible for manipulated XML files passed from LTI servers to be interpreted by Moodle to allow access to server-side files (CVE-2014-3542). In Moodle before 2.6.4, it was possible for manipulated XML files to be uploaded to the IMSCC course format or the IMSCP resource to allow access to server-side files (CVE-2014-3543). In Moodle before 2.6.4, filtering of the Skype profile field was not removing potentially harmful code (CVE-2014-3544). In Moodle before 2.6.4, it was possible to inject code into Calculated questions that would be executed on the server (CVE-2014-3545). In Moodle before 2.6.4, it was possible to get limited user information, such as user name and courses, by manipulating the URL of profile and notes pages (CVE-2014-3546). In Moodle before 2.6.4, the details of badges from external sources were not being filtered (CVE-2014-3547). In Moodle before 2.6.4, content of exception dialogues presented from AJAX calls was not being escaped before being presented to users (CVE-2014-3548). In Moodle before 2.6.4, fields in rubrics were not being correctly filtered (CVE-2014-3551). In Moodle before 2.6.4, forum was allowing users who were members of more than one group to post to all groups without the capability to access all groups (CVE-2014-3553). The moodle package has been updated to version 2.6.4, to fix these issues and other bugs. Affected Software/OS: 'moodle' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-3541 http://openwall.com/lists/oss-security/2014/07/21/1 Common Vulnerability Exposure (CVE) ID: CVE-2014-3542 Common Vulnerability Exposure (CVE) ID: CVE-2014-3543 Common Vulnerability Exposure (CVE) ID: CVE-2014-3544 BugTraq ID: 68756 http://www.securityfocus.com/bid/68756 http://www.exploit-db.com/exploits/34169 http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/ http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html http://osvdb.org/show/osvdb/109337 Common Vulnerability Exposure (CVE) ID: CVE-2014-3545 Common Vulnerability Exposure (CVE) ID: CVE-2014-3546 Common Vulnerability Exposure (CVE) ID: CVE-2014-3547 BugTraq ID: 68758 http://www.securityfocus.com/bid/68758 Common Vulnerability Exposure (CVE) ID: CVE-2014-3548 BugTraq ID: 68766 http://www.securityfocus.com/bid/68766 Common Vulnerability Exposure (CVE) ID: CVE-2014-3551 BugTraq ID: 68763 http://www.securityfocus.com/bid/68763 Common Vulnerability Exposure (CVE) ID: CVE-2014-3553 |
| Copyright | Copyright (C) 2022 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |