oss-sec mailing list archives
CVE Request: moodle 1.9.8, 1.8.2
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Thu, 1 Apr 2010 13:07:17 +0200
Hi, Moodle 1.9.8 and 1.8.12 were released with security fixes: http://docs.moodle.org/en/Moodle_1.9.8_release_notes * MSA-10-0001 Vulnerability in KSES text cleaning * MSA-10-0002 XSS vulnerabilty in the phpcas module * MSA-10-0003 Disclosure of full user names * MSA-10-0004 Improved access control in course restore * MSA-10-0005 Incorrect validation of forms data * MSA-10-0006 SQL injection in Wiki module * MSA-10-0007 Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine * MSA-10-0008 Persistent XSS when using Login-as feature * MSA-10-0009 Session fixation prevention now turned on by default cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE Request: moodle 1.9.8, 1.8.2 Ludwig Nussel (Apr 01)
- Re: CVE Request: moodle 1.9.8, 1.8.2 Josh Bressers (Apr 01)
- Re: CVE Request: moodle 1.9.8, 1.8.2 Ludwig Nussel (Apr 23)
- Re: CVE Request: moodle 1.9.8, 1.8.2 Steven M. Christey (Apr 29)
- Re: CVE Request: moodle 1.9.8, 1.8.2 Josh Bressers (Apr 01)