OVAL

DSA-2421-1 moodle -- several

ID: oval:org.secpod.oval:def:600744
Date: (C)2012-03-02   (M)2023-02-20
Class: PATCH
Family: unix




Several security issues have been fixed in Moodle, a course management system for online learning:

CVE-2011-4308 / CVE-2012-0792: Rossiani Wijaya discovered an information leak in mod/forum/user.php.
CVE-2011-4584: MNET authentication didn't prevent a user using "Login As" from jumping to a remote MNET SSO.
CVE-2011-4585: Darragh Enright discovered that the change password form was sent over plain HTTP even if httpslogin was set to "true".
CVE-2011-4586: David Michael Evans and German Sanchez Gances discovered CRLF injection/HTTP response splitting vulnerabilities in the Calendar module.
CVE-2011-4587: Stephen Mc Guiness discovered that empty passwords could be entered in some circumstances.
CVE-2011-4588: Patrick McNeill discovered that IP address restrictions could be bypassed in MNET.
CVE-2012-0796: Simon Coggins discovered that additional information could be injected into mail headers.
CVE-2012-0795: John Ehringer discovered that email addresses were insufficiently validated.
CVE-2012-0794: Rajesh Taneja discovered that cookie encryption used a fixed key.
CVE-2012-0793: Eloy Lafuente discovered that profile images were insufficiently protected. A new configuration option "forceloginforprofileimages" was introduced for that.

Platform:
Debian 6.0
Product:
moodle
Reference:
DSA-2421-1
CVE-2011-4308
CVE-2011-4584
CVE-2011-4585
CVE-2011-4586
CVE-2011-4587
CVE-2011-4588
CVE-2012-0792
CVE-2012-0793
CVE-2012-0794
CVE-2012-0795
CVE-2012-0796
CVE    11
CVE-2011-4308
CVE-2011-4587
CVE-2011-4588
CVE-2011-4584
...
CPE    30
cpe:/o:debian:debian_linux:6.0
cpe:/a:moodle:moodle:1.9.15
cpe:/a:moodle:moodle:2.0.6
cpe:/a:moodle:moodle:2.0.5
...

© SecPod Technologies