Date: Mon, 9 Feb 2009 20:12:09 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Dan Poltawski <talktodan@...il.com>
cc: oss-security@...ts.openwall.com
Subject: Re: CVS request - Moodle


======================================================
Name: CVE-2009-0499
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0499
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
Reference: CONFIRM:http://moodle.org/security/

Cross-site request forgery (CSRF) vulnerability in the forum code in
Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows
remote attackers to delete unauthorized forum posts via a link or IMG
tag to post.php.


======================================================
Name: CVE-2009-0500
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0500
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle
1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before
1.9.4 allows remote attackers to inject arbitrary web script or HTML
via crafted log table information that is not properly handled when it
is displayed in a log report.


======================================================
Name: CVE-2009-0501
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0501
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Unspecified vulnerability in the Calendar export feature in Moodle 1.8
before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive
information and conduct "brute force attacks on user accounts" via
unknown vectors.


======================================================
Name: CVE-2009-0502
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0502
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php
in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7,
1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to
inject arbitrary web script or HTML via an HTML block, which is not
properly handled when the "Login as" feature is used to visit a
MyMoodle or Blog page.

