Test ID: 1.3.6.1.4.1.25623.1.0.56536
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-1030-1)
Summary: The remote host is missing an update for the Debian 'moodle' package(s) announced via the DSA-1030-1 advisory.
Description:

Vulnerability Insight:
Several vulnerabilities have been discovered in libphp-adodb, the 'adodb' database abstraction layer for PHP, which is embedded in moodle, a course management system for online learning. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2006-0146

Andreas Sandblad discovered that improper user input sanitisation results in a potential remote SQL injection vulnerability enabling an attacker to compromise applications, access or modify data, or exploit vulnerabilities in the underlying database implementation. This requires the MySQL root password to be empty. It is fixed by limiting access to the script in question.

CVE-2006-0147

A dynamic code evaluation vulnerability allows remote attackers to execute arbitrary PHP functions via the 'do' parameter.

CVE-2006-0410

Andy Staudacher discovered an SQL injection vulnerability due to insufficient input sanitising that allows remote attackers to execute arbitrary SQL commands.

CVE-2006-0806

GulfTech Security Research discovered multiple cross-site scripting vulnerabilities due to improper user-supplied input sanitisation. Attackers can exploit these vulnerabilities to cause arbitrary scripts to be executed in the browser of an unsuspecting user's machine, or result in the theft of cookie-based authentication credentials.

The old stable distribution (woody) does not contain moodle packages.

For the stable distribution (sarge) these problems have been fixed in version 1.4.4.dfsg.1-3sarge1.

For the unstable distribution these problems will be fixed soon.

We recommend that you upgrade your moodle package.

Affected Software/OS:
'moodle' package(s) on Debian 3.1.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2006-0146
BugTraq ID: 16187
http://www.securityfocus.com/bid/16187
Bugtraq: 20060202 Bug for libs in php link directory 2.0
http://www.securityfocus.com/archive/1/423784/100/0/threaded
Bugtraq: 20060409 PhpOpenChat 3.0.x ADODB Server.php "sql" SQL injection
http://www.securityfocus.com/archive/1/430448/100/0/threaded
Bugtraq: 20070418 MediaBeez Sql query Execution .. Wear isn't ?? :)
http://www.securityfocus.com/archive/1/466171/100/0/threaded
Debian Security Information: DSA-1029
http://www.debian.org/security/2006/dsa-1029
Debian Security Information: DSA-1030
http://www.debian.org/security/2006/dsa-1030
Debian Security Information: DSA-1031
http://www.debian.org/security/2006/dsa-1031
http://www.gentoo.org/security/en/glsa/glsa-200604-07.xml
http://retrogod.altervista.org/phpopenchat_30x_sql_xpl.html
http://secunia.com/secunia_research/2005-64/advisory/
http://www.osvdb.org/22290
http://secunia.com/advisories/17418
http://secunia.com/advisories/18233
http://secunia.com/advisories/18254
http://secunia.com/advisories/18260
http://secunia.com/advisories/18267
http://secunia.com/advisories/18276
http://secunia.com/advisories/18720
http://secunia.com/advisories/19555
http://secunia.com/advisories/19563
http://secunia.com/advisories/19590
http://secunia.com/advisories/19591
http://secunia.com/advisories/19600
http://secunia.com/advisories/19691
http://secunia.com/advisories/19699
http://secunia.com/advisories/24954
http://securityreason.com/securityalert/713
http://www.vupen.com/english/advisories/2006/0101
http://www.vupen.com/english/advisories/2006/0102
http://www.vupen.com/english/advisories/2006/0103
http://www.vupen.com/english/advisories/2006/0104
http://www.vupen.com/english/advisories/2006/0105
http://www.vupen.com/english/advisories/2006/0370
http://www.vupen.com/english/advisories/2006/0447
http://www.vupen.com/english/advisories/2006/1304
http://www.vupen.com/english/advisories/2006/1305
http://www.vupen.com/english/advisories/2006/1419
XForce ISS Database: adodb-server-command-execution(24051)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24051
Common Vulnerability Exposure (CVE) ID: CVE-2006-0147
Bugtraq: 20060412 Simplog <=0.9.2 multiple vulnerabilities
http://www.securityfocus.com/archive/1/430743/100/0/threaded
https://www.exploit-db.com/exploits/1663
http://retrogod.altervista.org/simplog_092_incl_xpl.html
http://www.osvdb.org/22291
http://secunia.com/advisories/19628
http://www.vupen.com/english/advisories/2006/1332
XForce ISS Database: adodb-tmssql-command-execution(24052)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24052
Common Vulnerability Exposure (CVE) ID: CVE-2006-0410
BugTraq ID: 16364
http://www.securityfocus.com/bid/16364
http://www.gentoo.org/security/en/glsa/glsa-200602-02.xml
http://www.osvdb.org/22705
http://secunia.com/advisories/18575
http://secunia.com/advisories/18732
http://secunia.com/advisories/18745
http://www.vupen.com/english/advisories/2006/0315
http://www.vupen.com/english/advisories/2006/0448
XForce ISS Database: adodb-postgresql-sql-injection(24314)
https://exchange.xforce.ibmcloud.com/vulnerabilities/24314
Common Vulnerability Exposure (CVE) ID: CVE-2006-0806
BugTraq ID: 16720
http://www.securityfocus.com/bid/16720
Bugtraq: 20060218 ADOdb Library Cross Site Scripting
http://www.securityfocus.com/archive/1/425393/100/0/threaded
http://phpesp.cvs.sourceforge.net/phpesp/phpESP/admin/include/lib/adodb/adodb-pager.inc.php?r1=1.1&r2=1.2
http://www.gulftech.org/?node=research&article_id=00101-02182006
http://www.osvdb.org/23362
http://secunia.com/advisories/18928
http://securityreason.com/securityalert/452
http://www.vupen.com/english/advisories/2006/0664
http://www.vupen.com/english/advisories/2006/2021
Copyright: Copyright (C) 2008 Greenbone AG
