[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 29 Apr 2010 15:40:39 -0400 (EDT)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security <oss-security@...ts.openwall.com>
Subject: Re: CVE Request: moodle 1.9.8, 1.8.2
>MSA-10-0009: Session fixation prevention now turned on by default
Use CVE-2010-1613
>MSA-10-0008: Persistent XSS when using Login-as feature
>MSA-10-0007: Reflective Cross Site Scripting (XSS) in the Moodle
>Global Search Engine
These two are combined into a single CVE.
Use CVE-2010-1614
>MSA-10-0006: SQL injection in Wiki module
>MSA-10-0005: Incorrect validation of forms data
These two are combined into a single CVE.
Use CVE-2010-1615
>MSA-10-0004: Improved access control in course restore
Use CVE-2010-1616
>MSA-10-0003: Disclosure of full user names
Use CVE-2010-1617
>MSA-10-0002: XSS vulnerabilty in the phpcas module
Use CVE-2010-1618
>MSA-10-0001: Vulnerability in KSES text cleaning
Use CVE-2010-1619
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
