Computer Security
[EN] securityvulns.ru no-pyccku


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:16.02.2009
Source:
SecurityVulns ID:9681
Type:remote
Threat Level:
5/10
Description:PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.
Affected:SNOOPY : Snoopy 1.2
 MOODLE : Moodle 1.6
 MOODLE : Moodle 1.7
 MOODLE : Moodle 1.8
 MOODLE : moodle 1.9
 SAMIZDAT : Samizdat 0.6
 WEBSVN : WebSVN 2.0
 WEBSVN : WebSVN 1.7
 RAVENNUKE : RavenNuke 2.3
CVE:CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.)
 CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.)
 CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN authz file, allows remote authenticated users to read changelogs or diffs for restricted projects via a modified repname parameter.)
 CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/spell-check-debug.log, (2) /tmp/spell-check-before, or (3) /tmp/spell-check-after temporary file.)
Original documentdocumentJanek Vind, [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0 (16.02.2009)
 documentDEBIAN, [Full-disclosure] [SECURITY] [DSA 1725-1] New websvn packages fix information leak (16.02.2009)
 documentDmitry Borodaenko, Cross-site scripting in Samizdat 0.6.1 (16.02.2009)
 documentDEBIAN, [SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities (16.02.2009)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod