Date: Thu, 29 Apr 2010 15:40:39 -0400 (EDT)
From: "Steven M. Christey" <>
To: oss-security <>
Subject: Re: CVE Request: moodle 1.9.8, 1.8.2

>MSA-10-0009: Session fixation prevention now turned on by default

Use CVE-2010-1613

>MSA-10-0008: Persistent XSS when using Login-as feature
>MSA-10-0007: Reflective Cross Site Scripting (XSS) in the Moodle
>Global Search Engine

These two are combined into a single CVE.

Use CVE-2010-1614

>MSA-10-0006: SQL injection in Wiki module
>MSA-10-0005: Incorrect validation of forms data

These two are combined into a single CVE.

Use CVE-2010-1615

>MSA-10-0004: Improved access control in course restore

Use CVE-2010-1616

>MSA-10-0003: Disclosure of full user names

Use CVE-2010-1617

>MSA-10-0002: XSS vulnerability in the phpcas module

Use CVE-2010-1618

>MSA-10-0001: Vulnerability in KSES text cleaning

Use CVE-2010-1619
