Date: Mon, 9 Feb 2009 20:12:09 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Dan Poltawski <talktodan@...il.com>
cc: oss-security@...ts.openwall.com
Subject: Re: CVS request - Moodle


======================================================
Name: CVE-2009-0499
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0499
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
Reference: CONFIRM:http://moodle.org/security/

Cross-site request forgery (CSRF) vulnerability in the forum code in
Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows
remote attackers to delete unauthorized forum posts via a link or IMG
tag to post.php.


======================================================
Name: CVE-2009-0500
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0500
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle
1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before
1.9.4 allows remote attackers to inject arbitrary web script or HTML
via crafted log table information that is not properly handled when it
is displayed in a log report.


======================================================
Name: CVE-2009-0501
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0501
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Unspecified vulnerability in the Calendar export feature in Moodle 1.8
before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive
information and conduct "brute force attacks on user accounts" via
unknown vectors.


======================================================
Name: CVE-2009-0502
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0502
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php
in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7,
1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to
inject arbitrary web script or HTML via an HTML block, which is not
properly handled when the "Login as" feature is used to visit a
MyMoodle or Blog page.

