
List:       oss-security
Subject:    Re: [oss-security] CVS request - Moodle
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2009-02-10 1:12:09
Message-ID: Pine.GSO.4.51.0902092011530.15993 () faron ! mitre ! org


======================================================
Name: CVE-2009-0499
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0499
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
Reference: CONFIRM:http://moodle.org/security/

Cross-site request forgery (CSRF) vulnerability in the forum code in
Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows
remote attackers to delete unauthorized forum posts via a link or IMG
tag to post.php.


======================================================
Name: CVE-2009-0500
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0500
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle
1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before
1.9.4 allows remote attackers to inject arbitrary web script or HTML
via crafted log table information that is not properly handled when it
is displayed in a log report.


======================================================
Name: CVE-2009-0501
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0501
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Unspecified vulnerability in the Calendar export feature in Moodle 1.8
before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive
information and conduct "brute force attacks on user accounts" via
unknown vectors.


======================================================
Name: CVE-2009-0502
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0502
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php
in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7,
1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to
inject arbitrary web script or HTML via an HTML block, which is not
properly handled when the "Login as" feature is used to visit a
MyMoodle or Blog page.

