Download
| Alert*
|
oval:org.secpod.oval:def:700367
Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. Nigel McNie discovered that fetching https URLs did not correctly ... oval:org.mitre.oval:def:7916 Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn't affect installations that only use the mim ... oval:org.secpod.oval:def:700296 Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy oval:org.secpod.oval:def:101841 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:101744 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. oval:org.secpod.oval:def:600382 Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn"t check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn"t affect installations that only use the mim ... oval:org.secpod.oval:def:102376 Moodle is a course management system - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities. |
