oss-sec mailing list archives
Re: CVE Request: moodle 1.9.8, 1.8.2
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 29 Apr 2010 15:40:39 -0400 (EDT)
MSA-10-0009: Session fixation prevention now turned on by default
Use CVE-2010-1613
MSA-10-0008: Persistent XSS when using Login-as feature MSA-10-0007: Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine
These two are combined into a single CVE. Use CVE-2010-1614
MSA-10-0006: SQL injection in Wiki module MSA-10-0005: Incorrect validation of forms data
These two are combined into a single CVE. Use CVE-2010-1615
MSA-10-0004: Improved access control in course restore
Use CVE-2010-1616
MSA-10-0003: Disclosure of full user names
Use CVE-2010-1617
MSA-10-0002: XSS vulnerabilty in the phpcas module
Use CVE-2010-1618
MSA-10-0001: Vulnerability in KSES text cleaning
Use CVE-2010-1619
Current thread:
- CVE Request: moodle 1.9.8, 1.8.2 Ludwig Nussel (Apr 01)
- Re: CVE Request: moodle 1.9.8, 1.8.2 Josh Bressers (Apr 01)
- Re: CVE Request: moodle 1.9.8, 1.8.2 Ludwig Nussel (Apr 23)
- Re: CVE Request: moodle 1.9.8, 1.8.2 Steven M. Christey (Apr 29)
- Re: CVE Request: moodle 1.9.8, 1.8.2 Josh Bressers (Apr 01)