moodle: many vulnerabilites [LWN.net]

Package(s):

moodle

CVE #(s):

CVE-2012-3387 CVE-2012-3388 CVE-2012-3389 CVE-2012-3390 CVE-2012-3391 CVE-2012-3392 CVE-2012-3393 CVE-2012-3394 CVE-2012-3395 CVE-2012-3396 CVE-2012-3397 CVE-2012-3398

Created:

August 2, 2012

Updated:

August 8, 2012

Description:

From the Red Hat bugzilla entry:

CVE-2012-3387 Moodle: MSA-12-0039: File upload validation issue

CVE-2012-3388 Moodle: MSA-12-0040: Capabilities issue through caching

CVE-2012-3389 Moodle: MSA-12-0041: XSS issue in LTI module

CVE-2012-3390 Moodle: MSA-12-0042: File access issue in blocks

CVE-2012-3391 Moodle: MSA-12-0043: Early information access issue in forum

CVE-2012-3392 Moodle: MSA-12-0044: Capability check issue in forum subscriptions

CVE-2012-3393 Moodle: MSA-12-0045: Injection potential in admin for repositories

CVE-2012-3394 Moodle: MSA-12-0046: Insecure protocol redirection in LDAP authentication

CVE-2012-3395 Moodle: MSA-12-0047: SQL injection potential in Feedback module

CVE-2012-3396 Moodle: MSA-12-0048: Possible XSS in cohort administration

CVE-2012-3397 Moodle: MSA-12-0049: Group restricted activity displayed to all users

CVE-2012-3398 Moodle: MSA-12-0050: Potential DOS attack through database activity

Alerts:

Fedora	FEDORA-2012-11028	2012-08-01
Fedora	FEDORA-2012-11039	2012-08-01

(Log in to post comments)