ID FEDORA:A5C3810F8EE Type fedora Reporter Fedora Modified 2010-08-21T04:29:52
Description
Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators create effective online learning communities.
{"cve": [{"lastseen": "2020-12-09T19:34:40", "description": "Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "edition": 5, "cvss3": {}, "published": "2010-07-06T17:17:00", "title": "CVE-2010-2479", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2479"], "modified": "2010-07-07T04:00:00", "cpe": ["cpe:/a:mahara:mahara:1.0.9", "cpe:/a:mahara:mahara:1.0.14", "cpe:/a:mahara:mahara:1.1.5", "cpe:/a:mahara:mahara:1.0.2", "cpe:/a:htmlpurifier:htmlpurifier:1.3.1", "cpe:/a:htmlpurifier:htmlpurifier:1.1.0", "cpe:/a:mahara:mahara:1.2.0", "cpe:/a:htmlpurifier:htmlpurifier:3.1.0", "cpe:/a:htmlpurifier:htmlpurifier:2.1.0", "cpe:/a:mahara:mahara:1.2.2", "cpe:/a:htmlpurifier:htmlpurifier:1.3.2", "cpe:/a:mahara:mahara:1.0.0", "cpe:/a:htmlpurifier:htmlpurifier:4.0.0", "cpe:/a:htmlpurifier:htmlpurifier:3.1.1", "cpe:/a:mahara:mahara:1.2.3", "cpe:/a:htmlpurifier:htmlpurifier:2.1.5", "cpe:/a:mahara:mahara:1.0.10", "cpe:/a:htmlpurifier:htmlpurifier:2.0.0", "cpe:/a:mahara:mahara:1.0.5", "cpe:/a:mahara:mahara:1.0.7", "cpe:/a:htmlpurifier:htmlpurifier:1.1.2", "cpe:/a:mahara:mahara:1.1.3", "cpe:/a:htmlpurifier:htmlpurifier:1.6.0", "cpe:/a:mahara:mahara:0.9.2", "cpe:/a:htmlpurifier:htmlpurifier:2.1.1", "cpe:/a:mahara:mahara:1.0.11", "cpe:/a:htmlpurifier:htmlpurifier:2.1.4", 
"cpe:/a:htmlpurifier:htmlpurifier:1.0.0", "cpe:/a:mahara:mahara:1.2.4", "cpe:/a:mahara:mahara:1.1.6", "cpe:/a:mahara:mahara:1.1.4", "cpe:/a:mahara:mahara:1.0.4", "cpe:/a:mahara:mahara:1.1.7", "cpe:/a:htmlpurifier:htmlpurifier:4.1.0", "cpe:/a:mahara:mahara:0.9.0", "cpe:/a:mahara:mahara:1.2.1", "cpe:/a:htmlpurifier:htmlpurifier:3.2.0", "cpe:/a:mahara:mahara:1.0.1", "cpe:/a:htmlpurifier:htmlpurifier:1.5.0", "cpe:/a:htmlpurifier:htmlpurifier:3.3.0", "cpe:/a:mahara:mahara:1.1.2", "cpe:/a:htmlpurifier:htmlpurifier:1.4.0", "cpe:/a:mahara:mahara:1.0.3", "cpe:/a:htmlpurifier:htmlpurifier:1.3.0", "cpe:/a:htmlpurifier:htmlpurifier:2.1.3", "cpe:/a:htmlpurifier:htmlpurifier:1.2.0", "cpe:/a:htmlpurifier:htmlpurifier:1.0.1", "cpe:/a:mahara:mahara:1.0.6", "cpe:/a:htmlpurifier:htmlpurifier:1.1.1", "cpe:/a:htmlpurifier:htmlpurifier:2.0.1", "cpe:/a:mahara:mahara:0.9.1", "cpe:/a:mahara:mahara:1.1.8", "cpe:/a:mahara:mahara:1.1.0", "cpe:/a:htmlpurifier:htmlpurifier:1.4.1", "cpe:/a:mahara:mahara:1.0.12", "cpe:/a:mahara:mahara:1.0.13", "cpe:/a:htmlpurifier:htmlpurifier:2.1.2", "cpe:/a:htmlpurifier:htmlpurifier:3.0.0", "cpe:/a:htmlpurifier:htmlpurifier:1.6.1", "cpe:/a:mahara:mahara:1.1.1", "cpe:/a:mahara:mahara:1.0.8"], "id": "CVE-2010-2479", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2479", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:mahara:mahara:1.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:standalone:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:*:strict:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:standalone:*:*:*:*:*", 
"cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:*:strict:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:*:strict:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict-lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.13:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.2:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict-lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict-standalone:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict-standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:beta:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict-lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:lite:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:standalone:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta1:*:*:*:*:*:*", 
"cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:strict:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:strict-standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict-lite:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.14:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:*:strict:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:lite:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:lite:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:lite:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:strict:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.5.0:*:strict:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.3.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:mahara:mahara:1.1.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:0.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.5:*:standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.4:*:lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.3:*:lite:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.12:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:4.1.0:*:lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:lite:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.1:*:standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:4.0.0:*:standalone:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.8:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:lite:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.6.1:*:strict:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:strict:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:beta4:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.0:rc1:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:lite:*:*:*:*:*", 
"cpe:2.3:a:htmlpurifier:htmlpurifier:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:4.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:3.2.0:*:standalone:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:beta3:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:4.1.0:*:standalone:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:alpha3:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.1.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:mahara:mahara:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.1:*:standalone:*:*:*:*:*", "cpe:2.3:a:htmlpurifier:htmlpurifier:2.1.2:*:strict-standalone:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:41", "description": "phpCAS before 1.1.2 allows remote authenticated users to hijack sessions via a query string containing a crafted ticket value.", "edition": 5, "cvss3": {}, "published": "2010-08-05T18:17:00", "title": "CVE-2010-2795", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2795"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:joachim_fritschi:phpcas:0.4.12", "cpe:/a:joachim_fritschi:phpcas:0.5.1", "cpe:/a:joachim_fritschi:phpcas:0.4", "cpe:/a:joachim_fritschi:phpcas:0.3", "cpe:/a:joachim_fritschi:phpcas:0.4.4", "cpe:/a:joachim_fritschi:phpcas:0.4.9", "cpe:/a:joachim_fritschi:phpcas:1.0.0", 
"cpe:/a:joachim_fritschi:phpcas:0.4.16", "cpe:/a:joachim_fritschi:phpcas:0.4.7", "cpe:/a:joachim_fritschi:phpcas:0.4.17", "cpe:/a:joachim_fritschi:phpcas:0.4.8", "cpe:/a:joachim_fritschi:phpcas:0.4.18", "cpe:/a:joachim_fritschi:phpcas:0.4.14", "cpe:/a:joachim_fritschi:phpcas:0.4.3", "cpe:/a:joachim_fritschi:phpcas:0.4.22", "cpe:/a:joachim_fritschi:phpcas:0.6.0", "cpe:/a:joachim_fritschi:phpcas:0.4.20", "cpe:/a:joachim_fritschi:phpcas:0.4.21", "cpe:/a:joachim_fritschi:phpcas:1.1.0", "cpe:/a:joachim_fritschi:phpcas:0.4.23", "cpe:/a:joachim_fritschi:phpcas:0.4.2", "cpe:/a:joachim_fritschi:phpcas:0.2", "cpe:/a:joachim_fritschi:phpcas:0.4.1", "cpe:/a:joachim_fritschi:phpcas:0.4.6", "cpe:/a:joachim_fritschi:phpcas:0.4.10", "cpe:/a:joachim_fritschi:phpcas:0.4.11", "cpe:/a:joachim_fritschi:phpcas:0.3.1", "cpe:/a:joachim_fritschi:phpcas:0.4.15", "cpe:/a:joachim_fritschi:phpcas:1.0.1", "cpe:/a:joachim_fritschi:phpcas:0.5.0", "cpe:/a:joachim_fritschi:phpcas:0.4.5", "cpe:/a:joachim_fritschi:phpcas:1.1.1", "cpe:/a:joachim_fritschi:phpcas:0.3.2", "cpe:/a:joachim_fritschi:phpcas:0.4.13", "cpe:/a:joachim_fritschi:phpcas:0.4.19"], "id": "CVE-2010-2795", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2795", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:joachim_fritschi:phpcas:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.13:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.21:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.22:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.3:*:*:*:*:*:*:*", 
"cpe:2.3:a:joachim_fritschi:phpcas:0.4.23:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T19:34:41", "description": "Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.", "edition": 5, "cvss3": {}, "published": "2010-08-05T18:17:00", "title": "CVE-2010-2796", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 2.6, 
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-2796"], "modified": "2017-08-17T01:32:00", "cpe": ["cpe:/a:joachim_fritschi:phpcas:0.4.12", "cpe:/a:joachim_fritschi:phpcas:0.5.1", "cpe:/a:joachim_fritschi:phpcas:0.4", "cpe:/a:joachim_fritschi:phpcas:0.3", "cpe:/a:joachim_fritschi:phpcas:0.4.4", "cpe:/a:joachim_fritschi:phpcas:0.4.9", "cpe:/a:joachim_fritschi:phpcas:1.0.0", "cpe:/a:joachim_fritschi:phpcas:0.4.16", "cpe:/a:joachim_fritschi:phpcas:0.4.7", "cpe:/a:joachim_fritschi:phpcas:0.4.17", "cpe:/a:joachim_fritschi:phpcas:0.4.8", "cpe:/a:joachim_fritschi:phpcas:0.4.18", "cpe:/a:joachim_fritschi:phpcas:0.4.14", "cpe:/a:joachim_fritschi:phpcas:0.4.3", "cpe:/a:joachim_fritschi:phpcas:0.4.22", "cpe:/a:joachim_fritschi:phpcas:0.6.0", "cpe:/a:joachim_fritschi:phpcas:0.4.20", "cpe:/a:joachim_fritschi:phpcas:0.4.21", "cpe:/a:joachim_fritschi:phpcas:1.1.0", "cpe:/a:joachim_fritschi:phpcas:0.4.23", "cpe:/a:joachim_fritschi:phpcas:0.4.2", "cpe:/a:joachim_fritschi:phpcas:0.2", "cpe:/a:joachim_fritschi:phpcas:0.4.1", "cpe:/a:joachim_fritschi:phpcas:0.4.6", "cpe:/a:joachim_fritschi:phpcas:0.4.10", "cpe:/a:joachim_fritschi:phpcas:0.4.11", "cpe:/a:joachim_fritschi:phpcas:0.3.1", "cpe:/a:joachim_fritschi:phpcas:0.4.15", "cpe:/a:joachim_fritschi:phpcas:1.0.1", "cpe:/a:joachim_fritschi:phpcas:0.5.0", "cpe:/a:joachim_fritschi:phpcas:0.4.5", "cpe:/a:joachim_fritschi:phpcas:1.1.1", "cpe:/a:joachim_fritschi:phpcas:0.3.2", "cpe:/a:joachim_fritschi:phpcas:0.4.13", "cpe:/a:joachim_fritschi:phpcas:0.4.19"], "id": "CVE-2010-2796", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2796", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:joachim_fritschi:phpcas:0.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.6:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.13:*:*:*:*:*:*:*", 
"cpe:2.3:a:joachim_fritschi:phpcas:0.4.15:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.21:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.3:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.16:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.22:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.23:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.19:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.17:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.7:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.11:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.20:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.10:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.2:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.18:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.14:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.12:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.5.0:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.8:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.9:*:*:*:*:*:*:*", "cpe:2.3:a:joachim_fritschi:phpcas:0.4.4:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "description": "Moodle is a 
course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2010-08-21T04:31:17", "published": "2010-08-21T04:31:17", "id": "FEDORA:DCA1610F8F6", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: moodle-1.9.9-2.fc12", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2010-08-24T01:10:42", "published": "2010-08-24T01:10:42", "id": "FEDORA:1230510F989", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: moodle-1.9.9-2.fc14", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "description": "This package is a PEAR library for using a Central Authentication Service. ", "modified": "2010-09-01T05:43:28", "published": "2010-09-01T05:43:28", "id": "FEDORA:DCEB211165D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: php-pear-CAS-1.1.2-1.fc14", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "description": "This package is a PEAR library for using a Central Authentication Service. 
", "modified": "2010-08-30T18:26:18", "published": "2010-08-30T18:26:18", "id": "FEDORA:17736110C2B", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: php-pear-CAS-1.1.2-1.fc13", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "description": "This package is a PEAR library for using a Central Authentication Service. ", "modified": "2010-08-30T18:27:21", "published": "2010-08-30T18:27:21", "id": "FEDORA:9645A110021", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: php-pear-CAS-1.1.2-1.fc12", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2795", "CVE-2010-2796", "CVE-2010-3690", "CVE-2010-3691", "CVE-2010-3692"], "description": "GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system wi th mail-notification and methods to build a database with basic information about your network-topology. ", "modified": "2010-11-05T22:55:18", "published": "2010-11-05T22:55:18", "id": "FEDORA:88FBC110ADD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: glpi-0.72.4-3.svn11497.fc13", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2010-2795", "CVE-2010-2796", "CVE-2010-3690", "CVE-2010-3691", "CVE-2010-3692"], "description": "GLPI is the Information Resource-Manager with an additional Administration- Interface. You can use it to build up a database with an inventory for your company (computer, software, printers...). 
It has enhanced functions to make the daily life for the administrators easier, like a job-tracking-system wi th mail-notification and methods to build a database with basic information about your network-topology. ", "modified": "2010-11-05T22:52:25", "published": "2010-11-05T22:52:25", "id": "FEDORA:EA9DD1104EC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 12 Update: glpi-0.72.4-3.svn11497.fc12", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}], "openvas": [{"lastseen": "2017-12-21T11:33:13", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "description": "Check for the Version of moodle", "modified": "2017-12-21T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:862641", "href": "http://plugins.openvas.org/nasl.php?oid=862641", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2010-13396", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2010-13396\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moodle on Fedora 14\";\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\n package designed using sound pedagogical principles, to help educators create\n effective online learning communities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046058.html\");\n script_id(862641);\n script_version(\"$Revision: 8205 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 07:30:37 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-13396\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-2479\");\n script_name(\"Fedora Update for moodle FEDORA-2010-13396\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.9~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-19T15:05:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "description": "Check for the Version of moodle", "modified": "2018-01-19T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:1361412562310862641", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862641", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2010-13396", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2010-13396\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moodle on Fedora 14\";\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\n package designed using sound pedagogical principles, to help educators create\n effective online learning communities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046058.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862641\");\n script_version(\"$Revision: 8469 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-19 08:58:21 +0100 (Fri, 19 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-13396\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-2479\");\n script_name(\"Fedora Update for moodle FEDORA-2010-13396\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.9~2.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "description": "Check for the Version of moodle", "modified": "2017-12-25T00:00:00", "published": "2010-08-24T00:00:00", "id": "OPENVAS:1361412562310862337", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862337", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2010-13254", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2010-13254\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moodle on Fedora 12\";\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\n package designed using sound pedagogical principles, to help educators create\n effective online learning communities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045996.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862337\");\n script_version(\"$Revision: 8244 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 08:29:28 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-13254\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-2479\");\n script_name(\"Fedora Update for moodle FEDORA-2010-13254\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.9~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-12-14T11:48:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "description": "Check for the Version of moodle", "modified": "2017-12-13T00:00:00", "published": "2010-08-24T00:00:00", "id": "OPENVAS:862337", "href": "http://plugins.openvas.org/nasl.php?oid=862337", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2010-13254", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2010-13254\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moodle on Fedora 12\";\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\n package designed using sound pedagogical principles, to help educators create\n effective online learning communities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045996.html\");\n script_id(862337);\n script_version(\"$Revision: 8092 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-13 07:31:16 +0100 (Wed, 13 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-13254\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-2479\");\n script_name(\"Fedora Update for moodle FEDORA-2010-13254\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC12\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.9~2.fc12\", rls:\"FC12\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-25T10:55:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "description": "Check for the Version of moodle", "modified": "2018-01-24T00:00:00", "published": "2010-08-24T00:00:00", "id": "OPENVAS:1361412562310862334", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862334", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2010-13250", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2010-13250\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moodle on Fedora 13\";\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\n package designed using sound pedagogical principles, to help educators create\n effective online learning communities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045992.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862334\");\n script_version(\"$Revision: 8510 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-24 08:57:42 +0100 (Wed, 24 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-13250\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-2479\");\n script_name(\"Fedora Update for moodle FEDORA-2010-13250\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.9~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-02T10:54:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "description": "Check for the Version of moodle", "modified": "2017-12-25T00:00:00", "published": "2010-08-24T00:00:00", "id": "OPENVAS:862334", "href": "http://plugins.openvas.org/nasl.php?oid=862334", "type": "openvas", "title": "Fedora Update for moodle FEDORA-2010-13250", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for moodle FEDORA-2010-13250\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"moodle on Fedora 13\";\ntag_insight = \"Moodle is a course management system (CMS) - a free, Open Source software\n package designed using sound pedagogical principles, to help educators create\n effective online learning communities.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045992.html\");\n script_id(862334);\n script_version(\"$Revision: 8243 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-25 07:30:04 +0100 (Mon, 25 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-24 07:04:19 +0200 (Tue, 24 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-13250\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-2479\");\n script_name(\"Fedora Update for moodle FEDORA-2010-13250\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of moodle\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", 
value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.9~2.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2020-07-21T22:09:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "description": "This host is installed with phpCAS and is prone to session\n hijacking and cross-site scripting vulnerabilities.", "modified": "2020-06-22T00:00:00", "published": "2010-08-19T00:00:00", "id": "OPENVAS:1361412562310801428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801428", "type": "openvas", "title": "phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801428\");\n script_version(\"2020-06-22T08:41:58+0000\");\n script_tag(name:\"last_modification\", value:\"2020-06-22 08:41:58 +0000 (Mon, 22 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-08-19 10:23:11 +0200 (Thu, 19 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\");\n script_bugtraq_id(42162, 42160);\n script_name(\"phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/40845\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/60894\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/60895\");\n script_xref(name:\"URL\", value:\"https://issues.jasig.org/browse/PHPCAS-61\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_tag(name:\"insight\", value:\"The flaw exists due to:\n\n - improper validation of service tickets prior to assigning the new session.\n This can be exploited to hijack another user's session by guessing valid\n service tickets.\n\n - improper validation of the callback URL.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n 
script_tag(name:\"solution\", value:\"Upgrade to phpCAS version 1.1.2 or later.\");\n\n script_tag(name:\"summary\", value:\"This host is installed with phpCAS and is prone to session\n hijacking and cross-site scripting vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary HTML\n and script code in a user's browser session in the context of an affected\n site and to hijack another user's account and gain the victims privileges.\");\n\n script_tag(name:\"affected\", value:\"phpCAS version prior to 1.1.2.\");\n\n exit(0);\n}\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock)\n exit(0);\n\npaths = ssh_find_file(file_name:\"/CAS.php\", useregex:TRUE, regexpar:\"$\", sock:sock);\n\nforeach binName(paths) {\n\n binName = chomp(binName);\n if(!binName)\n continue;\n\n casVer = ssh_get_bin_version(full_prog_name:\"cat\", version_argv:binName, ver_pattern:\"PHPCAS_VERSION'.? 
'([0-9.]+)\", sock:sock);\n\n if(!isnull(casVer[1])) {\n if(version_is_less(version:casVer[1], test_version:\"1.1.2\")) {\n report = report_fixed_ver(installed_version:casVer[1], fixed_version:\"1.1.2\");\n security_message(port:0, data:report);\n ssh_close_connection();\n exit(0);\n }\n }\n}\n\nssh_close_connection();\nexit(0);\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2018-01-02T10:54:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "description": "Check for the Version of php-pear-CAS", "modified": "2017-12-21T00:00:00", "published": "2010-09-07T00:00:00", "id": "OPENVAS:1361412562310862364", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862364", "type": "openvas", "title": "Fedora Update for php-pear-CAS FEDORA-2010-12258", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-pear-CAS FEDORA-2010-12258\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-pear-CAS on Fedora 13\";\ntag_insight = \"This package is a PEAR library for using a Central Authentication Service.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862364\");\n script_version(\"$Revision: 8207 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-21 08:30:12 +0100 (Thu, 21 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-09-07 07:38:40 +0200 (Tue, 07 Sep 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-12258\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\");\n script_name(\"Fedora Update for php-pear-CAS FEDORA-2010-12258\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-pear-CAS\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC13\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear-CAS\", rpm:\"php-pear-CAS~1.1.2~1.fc13\", rls:\"FC13\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-01-18T11:04:52", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "description": "Check for the Version of php-pear-CAS", "modified": "2018-01-17T00:00:00", "published": "2010-12-02T00:00:00", "id": "OPENVAS:1361412562310862595", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310862595", "type": "openvas", "title": "Fedora Update for php-pear-CAS FEDORA-2010-12320", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for php-pear-CAS FEDORA-2010-12320\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"php-pear-CAS on Fedora 14\";\ntag_insight = \"This package is a PEAR library for using a Central Authentication Service.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2010-September/046693.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.862595\");\n script_version(\"$Revision: 8447 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-17 17:12:19 +0100 (Wed, 17 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-12-02 08:39:14 +0100 (Thu, 02 Dec 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_xref(name: \"FEDORA\", value: \"2010-12320\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\");\n script_name(\"Fedora Update for php-pear-CAS FEDORA-2010-12320\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of php-pear-CAS\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n 
exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC14\")\n{\n\n if ((res = isrpmvuln(pkg:\"php-pear-CAS\", rpm:\"php-pear-CAS~1.1.2~1.fc14\", rls:\"FC14\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2017-11-21T11:04:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "description": "This host is installed with phpCAS and is prone to session\n hijacking and cross-site scripting vulnerabilities.", "modified": "2017-11-20T00:00:00", "published": "2010-08-19T00:00:00", "id": "OPENVAS:801428", "href": "http://plugins.openvas.org/nasl.php?oid=801428", "type": "openvas", "title": "phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_phpcas_session_hijack_n_xss_vuln.nasl 7823 2017-11-20 08:54:04Z cfischer $\n#\n# phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to execute arbitrary HTML\n and script code in a user's browser session in the context of an affected\n site and to hijack another user's account and gain the victims privileges.\n Impact Level: Application.\";\ntag_affected = \"phpCAS version prior to 1.1.2\";\n\ntag_insight = \"The flaw exists due to:\n - improper validation of service tickets prior to assigning the new session.\n This can be exploited to hijack another user's session by guessing valid\n service tickets.\n - improper validation of the callback URL.\";\ntag_solution = \"Upgrade to phpCAS version 1.1.2 or later,\n For updates refer to https://wiki.jasig.org/display/CASC/phpCAS\";\ntag_summary = \"This host is installed with phpCAS and is prone to session\n hijacking and cross-site scripting vulnerabilities.\";\n\nif(description)\n{\n script_id(801428);\n script_version(\"$Revision: 7823 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-11-20 09:54:04 +0100 (Mon, 20 Nov 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-08-19 10:23:11 +0200 (Thu, 19 Aug 2010)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\");\n script_bugtraq_id(42162,42160);\n script_name(\"phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/40845\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/60894\");\n script_xref(name : \"URL\" , value : 
\"http://xforce.iss.net/xforce/xfdb/60895\");\n script_xref(name : \"URL\" , value : \"https://issues.jasig.org/browse/PHPCAS-61\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"login/SSH/success\");\n script_exclude_keys(\"ssh/no_linux_shell\");\n\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n exit(0);\n}\n\n\ninclude(\"ssh_func.inc\");\ninclude(\"version_func.inc\");\n\nsock = ssh_login_or_reuse_connection();\nif(!sock){\n exit(0);\n}\n\npaths = find_file(file_name:\"CAS.php\",file_path:\"/usr/share/pear/\",\n useregex:TRUE, regexpar:\"$\", sock:sock);\n\nforeach binName (paths)\n{\n ## Grep the version\n casVer = get_bin_version(full_prog_name:\"cat\", version_argv:binName,\n ver_pattern:\"PHPCAS_VERSION'.? '([0-9.]+)\",\n sock:sock);\n\n if(casVer[1] != NULL)\n {\n ## Check phpCAS version < 1.1.2\n if(version_is_less(version:casVer[1], test_version:\"1.1.2\"))\n {\n security_message(0);\n close(sock);\n exit(0);\n }\n }\n}\nclose(sock);\nssh_close_connection();\n", "cvss": {"score": 4.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-12T10:07:56", "description": "Multiple security fixes. No longer uses bundled php-pear-CAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-23T00:00:00", "title": "Fedora 13 : moodle-1.9.9-2.fc13 (2010-13250)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "modified": "2010-08-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-13250.NASL", "href": "https://www.tenable.com/plugins/nessus/48393", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13250.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48393);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2479\", \"CVE-2010-2795\", \"CVE-2010-2796\");\n script_bugtraq_id(41259, 42160, 42162);\n script_xref(name:\"FEDORA\", value:\"2010-13250\");\n\n script_name(english:\"Fedora 13 : moodle-1.9.9-2.fc13 (2010-13250)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security fixes. No longer uses bundled php-pear-CAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624753\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/045992.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be4e6e34\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"moodle-1.9.9-2.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:56", "description": "Multiple security fixes. No longer uses bundled php-pear-CAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-23T00:00:00", "title": "Fedora 12 : moodle-1.9.9-2.fc12 (2010-13254)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "modified": "2010-08-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-13254.NASL", "href": "https://www.tenable.com/plugins/nessus/48394", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13254.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48394);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2479\", \"CVE-2010-2795\", \"CVE-2010-2796\");\n script_bugtraq_id(41259, 42160, 42162);\n script_xref(name:\"FEDORA\", value:\"2010-13254\");\n\n script_name(english:\"Fedora 12 : moodle-1.9.9-2.fc12 (2010-13254)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security fixes. No longer uses bundled php-pear-CAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624753\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/045996.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?35c83fa8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"moodle-1.9.9-2.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:57", "description": "Multiple security fixes. No longer uses bundled php-pear-CAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-08-24T00:00:00", "title": "Fedora 14 : moodle-1.9.9-2.fc14 (2010-13396)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2479", "CVE-2010-2795", "CVE-2010-2796"], "modified": "2010-08-24T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-13396.NASL", "href": "https://www.tenable.com/plugins/nessus/48418", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-13396.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48418);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2479\", \"CVE-2010-2795\", \"CVE-2010-2796\");\n script_bugtraq_id(41259, 42160, 42162);\n script_xref(name:\"FEDORA\", value:\"2010-13396\");\n\n script_name(english:\"Fedora 14 : moodle-1.9.9-2.fc14 (2010-13396)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security fixes. No longer uses bundled php-pear-CAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=624753\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046058.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?348a66d5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"moodle-1.9.9-2.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:54", "description": "Security fixes * Fix a session hijacking hole CVE-2010-2795\n[PHPCAS-61] * callbackurl in proxy mode should be urlencoded, possible\nXSS CVE-2010-2796 [PHPCAS-67] Bug fixes * Fix warnings for SAML\nresponses without attributes [PHPCAS-59] * Fix duplicate SAML debug\noutput [PHPCAS-64] * Providing a new ST/PT/SA during an authenticated\nsession will be ignored and a warning will be 
issued to the debug log.\n[PHPCAS-61] * fix 2 undefined variable notices in serviceWeb()\n[PHPCAS-68] * Prevent domxml-php4-to-php5 to be included twice\n[PHPCAS-48] Improvement * Debuglog now contains phpCAS version\ninformation [PHPCAS-62]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-31T00:00:00", "title": "Fedora 13 : php-pear-CAS-1.1.2-1.fc13 (2010-12258)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "modified": "2010-08-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-pear-CAS", "cpe:/o:fedoraproject:fedora:13"], "id": "FEDORA_2010-12258.NASL", "href": "https://www.tenable.com/plugins/nessus/48930", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12258.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48930);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\");\n script_bugtraq_id(42160, 42162);\n script_xref(name:\"FEDORA\", value:\"2010-12258\");\n\n script_name(english:\"Fedora 13 : php-pear-CAS-1.1.2-1.fc13 (2010-12258)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes * Fix a session hijacking hole CVE-2010-2795\n[PHPCAS-61] * callbackurl in proxy mode should be urlencoded, possible\nXSS CVE-2010-2796 [PHPCAS-67] Bug 
fixes * Fix warnings for SAML\nresponses without attributes [PHPCAS-59] * Fix duplicate SAML debug\noutput [PHPCAS-64] * Providing a new ST/PT/SA during an authenticated\nsession will be ignored and a warning will be issued to the debug log.\n[PHPCAS-61] * fix 2 undefinded variable notices in serviceWeb()\n[PHPCAS-68] * Prevent domxml-php4-to-php5 to be inclueded twice\n[PHPCAS-48] Improvement * Debuglog now contains phpCAS version\ninformation [PHPCAS-62]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620751\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046576.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2f8032eb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-pear-CAS package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pear-CAS\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/31\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"php-pear-CAS-1.1.2-1.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-pear-CAS\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:54", "description": "Security fixes * Fix a session hijacking hole CVE-2010-2795\n[PHPCAS-61] * callbackurl in proxy mode should be urlencoded, possible\nXSS CVE-2010-2796 [PHPCAS-67] Bug fixes * Fix warnings for SAML\nresponses 
without attributes [PHPCAS-59] * Fix duplicate SAML debug\noutput [PHPCAS-64] * Providing a new ST/PT/SA during an authenticated\nsession will be ignored and a warning will be issued to the debug log.\n[PHPCAS-61] * fix 2 undefined variable notices in serviceWeb()\n[PHPCAS-68] * Prevent domxml-php4-to-php5 to be included twice\n[PHPCAS-48] Improvement * Debuglog now contains phpCAS version\ninformation [PHPCAS-62]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-08-31T00:00:00", "title": "Fedora 12 : php-pear-CAS-1.1.2-1.fc12 (2010-12247)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "modified": "2010-08-31T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-pear-CAS", "cpe:/o:fedoraproject:fedora:12"], "id": "FEDORA_2010-12247.NASL", "href": "https://www.tenable.com/plugins/nessus/48929", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12247.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(48929);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\");\n script_bugtraq_id(42160, 42162);\n script_xref(name:\"FEDORA\", value:\"2010-12247\");\n\n script_name(english:\"Fedora 12 : php-pear-CAS-1.1.2-1.fc12 (2010-12247)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n 
value:\n\"Security fixes * Fix a session hijacking hole CVE-2010-2795\n[PHPCAS-61] * callbackurl in proxy mode should be urlencoded, possible\nXSS CVE-2010-2796 [PHPCAS-67] Bug fixes * Fix warnings for SAML\nresponses without attributes [PHPCAS-59] * Fix duplicate SAML debug\noutput [PHPCAS-64] * Providing a new ST/PT/SA during an authenticated\nsession will be ignored and a warning will be issued to the debug log.\n[PHPCAS-61] * fix 2 undefinded variable notices in serviceWeb()\n[PHPCAS-68] * Prevent domxml-php4-to-php5 to be inclueded twice\n[PHPCAS-48] Improvement * Debuglog now contains phpCAS version\ninformation [PHPCAS-62]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620751\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-August/046584.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?829a6e5c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-pear-CAS package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pear-CAS\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/08/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"php-pear-CAS-1.1.2-1.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-pear-CAS\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:07:55", "description": "Security fixes * Fix a session hijacking hole CVE-2010-2795\n[PHPCAS-61] * callbackurl in proxy mode should be urlencoded, possible\nXSS CVE-2010-2796 [PHPCAS-67] Bug fixes * Fix warnings for SAML\nresponses without attributes [PHPCAS-59] * Fix duplicate SAML debug\noutput [PHPCAS-64] * Providing a new ST/PT/SA during an authenticated\nsession will be ignored and a warning will be issued to the debug log.\n[PHPCAS-61] * fix 2 undefined variable notices in serviceWeb()\n[PHPCAS-68] * Prevent domxml-php4-to-php5 to be included twice\n[PHPCAS-48] Improvement * Debuglog now contains phpCAS version\ninformation [PHPCAS-62]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2010-09-02T00:00:00", "title": "Fedora 14 : php-pear-CAS-1.1.2-1.fc14 (2010-12320)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-2795", "CVE-2010-2796"], "modified": "2010-09-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:php-pear-CAS", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2010-12320.NASL", "href": "https://www.tenable.com/plugins/nessus/49073", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-12320.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(49073);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\");\n script_bugtraq_id(42160, 42162);\n script_xref(name:\"FEDORA\", value:\"2010-12320\");\n\n script_name(english:\"Fedora 14 : php-pear-CAS-1.1.2-1.fc14 (2010-12320)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security fixes * Fix a session hijacking hole CVE-2010-2795\n[PHPCAS-61] * callbackurl in proxy mode should be urlencoded, possible\nXSS CVE-2010-2796 [PHPCAS-67] Bug fixes * Fix warnings for SAML\nresponses without attributes [PHPCAS-59] * Fix duplicate SAML debug\noutput [PHPCAS-64] * Providing a new ST/PT/SA during an authenticated\nsession will be ignored and a warning will be issued to the debug log.\n[PHPCAS-61] * fix 2 undefinded variable notices in serviceWeb()\n[PHPCAS-68] * Prevent domxml-php4-to-php5 to be inclueded 
twice\n[PHPCAS-48] Improvement * Debuglog now contains phpCAS version\ninformation [PHPCAS-62]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620751\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-September/046693.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?cd2ad32f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected php-pear-CAS package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:php-pear-CAS\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/09/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"php-pear-CAS-1.1.2-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"php-pear-CAS\");\n}\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:08:20", "description": "Switch to system phpCAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-11-07T00:00:00", "title": "Fedora 13 : glpi-0.72.4-3.svn11497.fc13 (2010-16912)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3692", "CVE-2010-3691", "CVE-2010-2795", "CVE-2010-2796", "CVE-2010-3690"], "modified": "2010-11-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:13", "p-cpe:/a:fedoraproject:fedora:glpi"], "id": "FEDORA_2010-16912.NASL", "href": "https://www.tenable.com/plugins/nessus/50499", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16912.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50499);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-3690\", \"CVE-2010-3691\", \"CVE-2010-3692\");\n script_bugtraq_id(42160, 42162, 43585);\n script_xref(name:\"FEDORA\", value:\"2010-16912\");\n\n script_name(english:\"Fedora 13 : glpi-0.72.4-3.svn11497.fc13 (2010-16912)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Switch to system phpCAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646659\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050428.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?394532ae\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glpi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glpi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:13\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^13([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 13.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC13\", reference:\"glpi-0.72.4-3.svn11497.fc13\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glpi\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:08:19", "description": "Switch to system phpCAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2010-11-07T00:00:00", "title": "Fedora 12 : glpi-0.72.4-3.svn11497.fc12 (2010-16905)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3692", "CVE-2010-3691", "CVE-2010-2795", "CVE-2010-2796", "CVE-2010-3690"], "modified": "2010-11-07T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:12", "p-cpe:/a:fedoraproject:fedora:glpi"], "id": "FEDORA_2010-16905.NASL", "href": "https://www.tenable.com/plugins/nessus/50498", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2010-16905.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(50498);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-3690\", \"CVE-2010-3691\", \"CVE-2010-3692\");\n script_bugtraq_id(42160, 42162, 43585);\n script_xref(name:\"FEDORA\", value:\"2010-16905\");\n\n script_name(english:\"Fedora 12 : glpi-0.72.4-3.svn11497.fc12 (2010-16905)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Switch to system phpCAS.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620743\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=620751\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=646659\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2010-November/050415.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c2ff24a4\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected glpi package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:glpi\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:12\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/11/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^12([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 12.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC12\", reference:\"glpi-0.72.4-3.svn11497.fc12\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"glpi\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:46:17", "description": "Several vulnerabilities have been discovered in phpCAS, a CAS client\nlibrary for PHP. 
The Moodle course management system includes a copy\nof phpCAS.", "edition": 17, "published": "2011-02-23T00:00:00", "title": "Debian DSA-2172-1 : moodle - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-3692", "CVE-2010-3691", "CVE-2010-2795", "CVE-2010-2796", "CVE-2010-3690"], "modified": "2011-02-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:moodle", "cpe:/o:debian:debian_linux:5.0"], "id": "DEBIAN_DSA-2172.NASL", "href": "https://www.tenable.com/plugins/nessus/52056", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2172. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(52056);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-2795\", \"CVE-2010-2796\", \"CVE-2010-3690\", \"CVE-2010-3691\", \"CVE-2010-3692\");\n script_bugtraq_id(42160, 42162, 43585);\n script_xref(name:\"DSA\", value:\"2172\");\n\n script_name(english:\"Debian DSA-2172-1 : moodle - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in phpCAS, a CAS client\nlibrary for PHP. 
The Moodle course management system includes a copy\nof phpCAS.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2011/dsa-2172\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the moodle packages.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.8.13-3.\n\nThe stable distribution (squeeze) already contains a fixed version of\nphpCAS.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"moodle\", reference:\"1.8.13-3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:46:00", "description": "Several vulnerabilities were discovered in mahara, an electronic\nportfolio, weblog, and resume builder. 
The following Common\nVulnerabilities and Exposures project ids identify them :\n\n - CVE-2010-1667\n Multiple pages performed insufficient input sanitising,\n making them vulnerable to cross-site scripting attacks.\n\n - CVE-2010-1668\n Multiple forms lacked protection against cross-site\n request forgery attacks, therefore making them\n vulnerable.\n\n - CVE-2010-1670\n Gregor Anzelj discovered that it was possible to\n accidentally configure an installation of mahara that\n allows access to another user's account without a\n password.\n\n - CVE-2010-2479\n Certain Internet Explorer-specific cross-site scripting\n vulnerabilities were discovered in HTML Purifier, of\n which a copy is included in the mahara package.", "edition": 27, "published": "2010-07-05T00:00:00", "title": "Debian DSA-2067-1 : mahara - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1668", "CVE-2010-1670", "CVE-2010-2479", "CVE-2010-1667"], "modified": "2010-07-05T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:mahara"], "id": "DEBIAN_DSA-2067.NASL", "href": "https://www.tenable.com/plugins/nessus/47589", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2067. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(47589);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2010-1667\", \"CVE-2010-1668\", \"CVE-2010-1670\", \"CVE-2010-2479\");\n script_bugtraq_id(41259);\n script_xref(name:\"DSA\", value:\"2067\");\n\n script_name(english:\"Debian DSA-2067-1 : mahara - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in mahara, an electronic\nportfolio, weblog, and resume builder. The following Common\nVulnerabilities and Exposures project ids identify them :\n\n - CVE-2010-1667\n Multiple pages performed insufficient input sanitising,\n making them vulnerable to cross-site scripting attacks.\n\n - CVE-2010-1668\n Multiple forms lacked protection against cross-site\n request forgery attacks, therefore making them\n vulnerable.\n\n - CVE-2010-1670\n Gregor Anzelj discovered that it was possible to\n accidentally configure an installation of mahara that\n allows access to another user's account without a\n password.\n\n - CVE-2010-2479\n Certain Internet Explorer-specific cross-site scripting\n vulnerabilities were discovered in HTML Purifier, of\n which a copy is included in the mahara package.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1667\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-1668\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://security-tracker.debian.org/tracker/CVE-2010-1670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2010-2479\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2067\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the mahara packages.\n\nFor the stable distribution (lenny), the problems have been fixed in\nversion 1.0.4-4+lenny6.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mahara\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/07/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/07/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"mahara\", reference:\"1.0.4-4+lenny6\")) flag++;\nif (deb_check(release:\"5.0\", prefix:\"mahara-apache2\", reference:\"1.0.4-4+lenny6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:23:07", "bulletinFamily": "unix", "cvelist": ["CVE-2010-3692", "CVE-2010-3691", "CVE-2010-2795", "CVE-2010-2796", "CVE-2010-3690"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2172-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 22, 2011 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : moodle\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2010-2795 CVE-2010-2796 CVE-2010-3690 CVE-2010-3691 CVE-2010-3692\n\nSeveral vulnerabilities have been discovered in phpCAS, a CAS client \nlibrary for PHP. 
The Moodle course management system includes a copy\nof phpCAS.\n\nFor the oldstable distribution (lenny), this problem has been fixed in\nversion 1.8.13-3.\n\nThe stable distribution (squeeze) already contains a fixed version of\nphpCAS.\n\nThe unstable distribution (sid) already contains a fixed version of\nphpCAS.\n\nWe recommend that you upgrade your moodle packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 2, "modified": "2011-02-22T21:44:53", "published": "2011-02-22T21:44:53", "id": "DEBIAN:DSA-2172-1:25D0F", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2011/msg00038.html", "title": "[SECURITY] [DSA 2172-1] moodle security update", "type": "debian", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2020-11-11T13:16:41", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1668", "CVE-2010-1670", "CVE-2010-2479", "CVE-2010-1667"], "description": "- ------------------------------------------------------------------------\nDebian Security Advisory DSA-2067-1 security@debian.org\nhttp://www.debian.org/security/ Raphael Geissert\nJul 02, 2010 http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage : mahara\nVulnerability : several\nProblem type : remote\nDebian-specific: no\nCVE Id(s) : CVE-2010-1667 CVE-2010-1668 CVE-2010-1670 CVE-2010-2479\n\nSeveral vulnerabilities were discovered in mahara, an electronic portfolio,\nweblog, and resume builder. 
The following Common Vulnerabilities and\nExposures project ids identify them:\n\nCVE-2010-1667\n\n Multiple pages performed insufficient input sanitising, making them\n vulnerable to cross-site scripting attacks.\n\nCVE-2010-1668\n\n Multiple forms lacked protection against cross-site request forgery\n attacks, therefore making them vulnerable.\n\nCVE-2010-1670\n\n Gregor Anzelj discovered that it was possible to accidentally\n configure an installation of mahara that allows access to another\n user's account without a password.\n\nCVE-2010-2479\n\n Certain Internet Explorer-specific cross-site scripting\n vulnerabilities were discovered in HTML Purifier, of which a copy\n is included in the mahara package.\n\nFor the stable distribution (lenny), the problems have been fixed in\nversion 1.0.4-4+lenny6.\n\nFor the testing distribution (squeeze), the problems will be fixed soon.\n\nFor the unstable distribution (sid), the problems have been fixed in\nversion 1.2.5.\n\n\nWe recommend that you upgrade your mahara packages.\n\nUpgrade instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 5.0 (stable) alias lenny\n- --------------------------------\n\nStable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.\n\nSource archives:\n\n http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6.diff.gz\n Size/MD5 checksum: 46220 9baa14e3e23118a908bb2beec8b4fd7f\n http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4.orig.tar.gz\n Size/MD5 checksum: 2383079 
cf1158e4fe3cdba14fb1b71657bf8cc9\n http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6.dsc\n Size/MD5 checksum: 1943 79d1fbafd665c9bfd5b9cf66a5831d4c\n\nArchitecture independent packages:\n\n http://security.debian.org/pool/updates/main/m/mahara/mahara-apache2_1.0.4-4+lenny6_all.deb\n Size/MD5 checksum: 8274 ad3af96747d75ddc6fdff4a3c4472845\n http://security.debian.org/pool/updates/main/m/mahara/mahara_1.0.4-4+lenny6_all.deb\n Size/MD5 checksum: 1639192 838dd2d7f726af2ff773f6e01ee1b330\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "edition": 3, "modified": "2010-07-02T16:20:00", "published": "2010-07-02T16:20:00", "id": "DEBIAN:DSA-2067-1:D4D76", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2010/msg00111.html", "title": "[SECURITY] [DSA-2067-1] New mahara packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}