 |
|
|
|
| Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | | Published: |  | 16.02.2009 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 9681 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. |
| Affected: |  | SNOOPY : Snoopy 1.2 | | | | MOODLE : Moodle 1.6 | | | | MOODLE : Moodle 1.7 | | | | MOODLE : Moodle 1.8 | | | | MOODLE : Moodle 1.9 | | | | SAMIZDAT : Samizdat 0.6 | | | | WEBSVN : WebSVN 2.0 | | | | WEBSVN : WebSVN 1.7 | | | | RAVENNUKE : RavenNuke 2.3 | | CVE: |  | CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.) | | | | CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.) | | | | CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.) | | | | CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.) |
|
|
|
|
|
|
|
|
