Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0902092011530.15993@faron.mitre.org>
Date: Mon, 9 Feb 2009 20:12:09 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: Dan Poltawski <talktodan@...il.com>
cc: oss-security@...ts.openwall.com
Subject: Re: CVS request - Moodle


======================================================
Name: CVE-2009-0499
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0499
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15
Reference: CONFIRM:http://moodle.org/security/

Cross-site request forgery (CSRF) vulnerability in the forum code in
Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows
remote attackers to delete unauthorized forum posts via a link or IMG
tag to post.php.


======================================================
Name: CVE-2009-0500
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0500
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle
1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before
1.9.4 allows remote attackers to inject arbitrary web script or HTML
via crafted log table information that is not properly handled when it
is displayed in a log report.


======================================================
Name: CVE-2009-0501
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0501
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Unspecified vulnerability in the Calendar export feature in Moodle 1.8
before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive
information and conduct "brute force attacks on user accounts" via
unknown vectors.


======================================================
Name: CVE-2009-0502
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0502
Reference: MLIST:[oss-security] 20090204 CVS request - Moodle
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/04/1
Reference: CONFIRM:http://moodle.org/security/

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php
in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7,
1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to
inject arbitrary web script or HTML via an HTML block, which is not
properly handled when the "Login as" feature is used to visit a
MyMoodle or Blog page.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.