[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: moodle 1.9.8, 1.8.2
From:       "Steven M. Christey" <coley () linus ! mitre ! org>
Date:       2010-04-29 19:40:39
Message-ID: Pine.GSO.4.64.1004291537280.5271 () faron ! mitre ! org
[Download RAW message or body]



>MSA-10-0009: Session fixation prevention now turned on by default

Use CVE-2010-1613

>MSA-10-0008: Persistent XSS when using Login-as feature
>MSA-10-0007: Reflective Cross Site Scripting (XSS) in the Moodle
>Global Search Engine

These two are combined into a single CVE.

Use CVE-2010-1614

>MSA-10-0006: SQL injection in Wiki module
>MSA-10-0005: Incorrect validation of forms data

These two are combined into a single CVE.

Use CVE-2010-1615

>MSA-10-0004: Improved access control in course restore

Use CVE-2010-1616

>MSA-10-0003: Disclosure of full user names

Use CVE-2010-1617

>MSA-10-0002: XSS vulnerabilty in the phpcas module

Use CVE-2010-1618

>MSA-10-0001: Vulnerability in KSES text cleaning

Use CVE-2010-1619

[prev in list] [next in list] [prev in thread] [next in thread]