Test ID: 1.3.6.1.4.1.25623.1.1.10.2014.0160
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2014-0160)
Summary: The remote host is missing an update for the 'moodle' package(s) announced via the MGASA-2014-0160 advisory.

Vulnerability Insight:
Updated moodle package fixes security vulnerabilities:

In Moodle before 2.4.9, question strings were not being filtered correctly
possibly allowing cross site scripting, as quiz_question_tostring can cause
invalid HTML (CVE-2014-2571).

Feedback Availability dates not honored in complete.php in Moodle before
2.4.9, therefore it was possible to start a Feedback activity while it was
supposed to be closed (CVE-2014-0127).

Broken access control vulnerability in Moodle before 2.4.9 with
/mod/chat/chat_ajax.php, where capabilities to chat were being checked at the
start of a chat, but not during, so changes were not effective immediately
(CVE-2014-0122).

In Moodle before 2.4.9, there were missing access checks on Wiki pages
allowing students to see pages of other students' individual wikis, through
the Recent activity block (CVE-2014-0123).

In Moodle before 2.4.9, cross site scripting was possible with Flowplayer
(CVE-2013-7341).

In Moodle before 2.4.9, Forum and Quiz were showing users' email addresses
when settings were supposed to be preventing this (CVE-2014-0124).

In Moodle before 2.4.9, alias links to items in an Alfresco repository were
provided with information that would allow someone to impersonate the file
owner in Alfresco (CVE-2014-0125).

Cross Site Request Forgery in Moodle before 2.4.9 in
enrol/imsenterprise/importnow.php, due to inadequate session checking when
triggering the import of IMS Enterprise identities (CVE-2014-0126).

Affected Software/OS:
'moodle' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-7341
http://openwall.com/lists/oss-security/2014/03/17/1
Common Vulnerability Exposure (CVE) ID: CVE-2014-0122
[oss-security] 20140317 Moodle security notifications public
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
https://moodle.org/mod/forum/discuss.php?d=256418
Common Vulnerability Exposure (CVE) ID: CVE-2014-0123
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
https://moodle.org/mod/forum/discuss.php?d=256419
Common Vulnerability Exposure (CVE) ID: CVE-2014-0124
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
https://moodle.org/mod/forum/discuss.php?d=256421
Common Vulnerability Exposure (CVE) ID: CVE-2014-0125
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409
https://moodle.org/mod/forum/discuss.php?d=256422
Common Vulnerability Exposure (CVE) ID: CVE-2014-0126
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
https://moodle.org/mod/forum/discuss.php?d=256423
Common Vulnerability Exposure (CVE) ID: CVE-2014-0127
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
https://moodle.org/mod/forum/discuss.php?d=256417
Common Vulnerability Exposure (CVE) ID: CVE-2014-2571
Copyright: Copyright (C) 2022 Greenbone AG
