{"id": "SUSE_MOODLE-6108.NASL", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : moodle (moodle-6108)", "description": "moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "published": "2009-03-24T00:00:00", "modified": "2009-03-24T00:00:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/36008", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": [], "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "type": "nessus", "lastseen": "2021-01-17T14:46:35", "edition": 24, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-0500", "CVE-2009-0499", "CVE-2009-0501", "CVE-2009-0502"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231063410", "OPENVAS:136141256231063405", "OPENVAS:136141256231063687", "OPENVAS:1361412562310800240", "OPENVAS:63390", "OPENVAS:63405", "OPENVAS:64320", "OPENVAS:63410", "OPENVAS:136141256231063390", "OPENVAS:800240"]}, {"type": "nessus", "idList": ["MOODLE_FORUM_CSRF.NASL", "UBUNTU_USN-791-1.NASL", "DEBIAN_DSA-1724.NASL", "SUSE_11_1_MOODLE-090319.NASL", "SUSE_11_0_MOODLE-090320.NASL", "FEDORA_2009-1641.NASL", "FEDORA_2009-1699.NASL"]}, {"type": "fedora", "idList": ["FEDORA:4424B20894E", "FEDORA:6D2242084D5", "FEDORA:9CD3820851E", "FEDORA:0C0B6208959", "FEDORA:7E1DF10F85C"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9681", "SECURITYVULNS:DOC:21355"]}, {"type": "debian", "idList": ["DEBIAN:DSA-1724-1:A27A9"]}, {"type": "ubuntu", "idList": ["USN-791-1"]}], "modified": "2021-01-17T14:46:35", "rev": 2}, "score": {"value": 5.6, "vector": "NONE", "modified": "2021-01-17T14:46:35", "rev": 2}, "vulnersScore": 5.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-6108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(36008);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE 10 Security Update : moodle (moodle-6108)\");\n script_summary(english:\"Check for the moodle-6108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-af-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ar-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-be-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bg-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ca-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-cs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-da-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de_du-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-el-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-es-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-et-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-eu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fa-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ga-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-gl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-he-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-id-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-is-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-it-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ja-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ka-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-km-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-kn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ko-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-mi_tn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ms-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-no-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ro-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ru-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-so-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sq-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-th-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-uk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-vi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-zh_cn-1.8.2-17.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "36008", "cpe": ["p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-fa", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-so"], "scheme": null}

{"cve": [{"lastseen": "2020-12-02T13:56:51", "description": "Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.", "edition": 4, "cvss3": {}, "published": "2009-02-10T02:30:00", "title": "CVE-2009-0499", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0499"], "modified": "2020-12-01T14:43:00", "cpe": ["cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.7.4", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.7.1", "cpe:/a:moodle:moodle:1.7.3", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.7.2", "cpe:/a:moodle:moodle:1.7.5", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.3", "cpe:/a:moodle:moodle:1.7.6"], "id": "CVE-2009-0499", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0499", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}, "cpe23": ["cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-02T13:56:51", "description": "Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.", "edition": 4, "cvss3": {}, "published": "2009-02-10T02:30:00", "title": "CVE-2009-0500", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0500"], "modified": "2020-12-01T14:43:00", "cpe": ["cpe:/a:moodle:moodle:1.6.6", "cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.7.4", "cpe:/a:moodle:moodle:1.6.0", "cpe:/a:moodle:moodle:1.6.3", "cpe:/a:moodle:moodle:1.6.7", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.6.2", "cpe:/a:moodle:moodle:1.6.1", "cpe:/a:moodle:moodle:1.6.5", "cpe:/a:moodle:moodle:1.7.1", "cpe:/a:moodle:moodle:1.7.3", "cpe:/a:moodle:moodle:1.6.8", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.7.2", "cpe:/a:moodle:moodle:1.6.4", "cpe:/a:moodle:moodle:1.7.5", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.3", "cpe:/a:moodle:moodle:1.7.6"], "id": "CVE-2009-0500", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0500", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.8:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.7:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-02T13:56:51", "description": "Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct \"brute force attacks on user accounts\" via unknown vectors.", "edition": 4, "cvss3": {}, "published": "2009-02-10T02:30:00", "title": "CVE-2009-0501", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0501"], "modified": "2020-12-01T14:43:00", "cpe": ["cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.3"], "id": "CVE-2009-0501", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0501", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-02T13:56:51", "description": "Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the \"Login as\" feature is used to visit a MyMoodle or Blog page.", "edition": 4, "cvss3": {}, "published": "2009-02-10T02:30:00", "title": "CVE-2009-0502", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0502"], "modified": "2020-12-01T14:43:00", "cpe": ["cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.7.4", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.7.1", "cpe:/a:moodle:moodle:1.7.3", "cpe:/a:moodle:moodle:1.7.0", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:snoopy:snoopy:1.2.3", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.7.2", "cpe:/a:moodle:moodle:1.7.5", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.3", "cpe:/a:moodle:moodle:1.7.6"], "id": "CVE-2009-0502", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0502", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:snoopy:snoopy:1.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-05-12T17:33:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "description": "This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.", "modified": "2020-05-08T00:00:00", "published": "2009-03-03T00:00:00", "id": "OPENVAS:1361412562310800240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800240", "type": "openvas", "title": "Moodle CMS Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Moodle CMS Multiple Vulnerabilities\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800240\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-03-03 06:56:37 +0100 (Tue, 03 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n script_bugtraq_id(33617, 33615, 33612, 32402);\n script_name(\"Moodle CMS Multiple Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://moodle.org/security\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2009/02/04/1\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_moodle_cms_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"Moodle/Version\");\n\n script_tag(name:\"affected\", value:\"Moodle version from 1.6 prior to 1.6.9,\n Moodle version from 1.7 prior to 1.7.7,\n Moodle version from 1.8 prior to 1.8.8 and\n Moodle version from 1.9 prior to 1.9.4 on all platforms.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - Vulnerability in post.php for IMG tag which allows unauthorised access\n to user's posts.\n\n - XSS Vulnerability in course/lib.php which allows injection of arbitrary\n web scripts or malicious HTML codes while displaying the log report in\n browser due to lack of sanitization.\n\n - Unspecified vulnerability in the Calendar export feature which causes\n conducting brute force attacks.\n\n - XSS Vulnerability in blocks/html/block_html.php which allows injection\n of arbitracy scripts of malformed HTML codes injection.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to latest version 1.6.9, 1.7.7, 1.8.8 and 1.9.4.\");\n\n script_tag(name:\"summary\", value:\"This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause Cross Site\n Scripting attacks, can gain sensitive information about the user or the\n remote host or can delete unauthorised posts through injecting malicious\n web scripts.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nmoodlePort = http_get_port(default:80);\nif(!get_kb_item(string(\"www/\", moodlePort, \"/moodle\")))\n exit(0);\n\nmoodleVer = get_kb_item(\"Moodle/Version\");\nif(!moodleVer)\n exit(0);\n\nif(version_in_range(version:moodleVer, test_version:\"1.6\", test_version2:\"1.6.8\") ||\n version_in_range(version:moodleVer, test_version:\"1.7\", test_version2:\"1.7.6\") ||\n version_in_range(version:moodleVer, test_version:\"1.8\", test_version2:\"1.8.7\") ||\n version_in_range(version:moodleVer, test_version:\"1.9\", test_version2:\"1.9.3\")){\n security_message(moodlePort);\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2017-07-02T21:14:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "description": "This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.", "modified": "2016-12-29T00:00:00", "published": "2009-03-03T00:00:00", "id": "OPENVAS:800240", "href": "http://plugins.openvas.org/nasl.php?oid=800240", "type": "openvas", "title": "Moodle CMS Multiple Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_moodle_cms_mult_vuln.nasl 4869 2016-12-29 11:01:45Z teissa $\n#\n# Moodle CMS Multiple Vulnerabilities\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause Cross Site\n Scripting attacks, can gain sensitive information about the user or the\n remote host or can delete unauthorised posts through injecting malicious\n web scripts.\n\n Impact level: System/Application\";\n\ntag_affected = \"Moodle version from 1.6 prior to 1.6.9,\n Moodle version from 1.7 prior to 1.7.7,\n Moodle version from 1.8 prior to 1.8.8 and \n Moodle version from 1.9 prior to 1.9.4 on all platforms.\";\ntag_insight = \"Multiple flaws are due to\n - Vulnerability in post.php for IMG tag which allows unauthorised access\n to user's posts.\n - XSS Vulnerability in course/lib.php which allows injection of arbitrary\n web scripts or malicious HTML codes while displaying the log report in\n browser due to lack of sanitization.\n - Unspecified vulnerability in the Calendar export feature which causes\n conducting brute force attacks.\n - XSS Vulnerability in blocks/html/block_html.php which allows injection\n of arbitracy scripts of malformed HTML codes injection.\";\ntag_solution = \"Upgrade to latest version 1.6.9, 1.7.7, 1.8.8 and 1.9.4\n http://moodle.org/downloads\";\ntag_summary = \"This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.\";\n\nif(description)\n{\n script_id(800240);\n script_version(\"$Revision: 4869 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-29 12:01:45 +0100 (Thu, 29 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-03 06:56:37 +0100 (Tue, 03 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n script_bugtraq_id(33617, 33615, 33612, 32402);\n script_name(\"Moodle CMS Multiple Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://moodle.org/security\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2009/02/04/1\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_moodle_cms_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"Moodle/Version\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nmoodlePort = get_http_port(default:80);\nif(!moodlePort){\n exit(0);\n}\n\nif(!get_kb_item(string(\"www/\", moodlePort, \"/moodle\")))exit(0);\n\nmoodleVer = get_kb_item(\"Moodle/Version\");\nif(!moodleVer){\n exit(0);\n}\n\n# Grep for Moodle CMS Version\nif(version_in_range(version:moodleVer, test_version:\"1.6\", test_version2:\"1.6.8\") ||\n version_in_range(version:moodleVer, test_version:\"1.7\", test_version2:\"1.7.6\") ||\n version_in_range(version:moodleVer, test_version:\"1.8\", test_version2:\"1.8.7\") ||\n version_in_range(version:moodleVer, test_version:\"1.9\", test_version2:\"1.9.3\")){\n security_message(moodlePort);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-25T10:56:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.", "modified": "2017-07-10T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:63390", "href": "http://plugins.openvas.org/nasl.php?oid=63390", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-1641 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1641.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1641 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMultiple security fixes.\n\nChangeLog:\n\n* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1\n- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.\n* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6\n- Dropped and symlinked to khmeros-base-fonts.\n* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5\n- Dropped and symlinked illegal sm and to fonts.\n- Symlinking to FreeSans.\n- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.\n* Wed Dec 17 2008 Jon Ciesla - 1.9.3-4\n- Texed fix, BZ 476709.\n* Fri Nov 7 2008 Jon Ciesla - 1.9.3-3\n- Moved to weekly downloaded 11/7/08 to fix Snoopy CVE-2008-4796.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1641\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.\";\n\n\n\nif(description)\n{\n script_id(63390);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\", \"CVE-2009-0500\", \"CVE-2009-0502\", \"CVE-2009-0501\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-1641 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484916\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484922\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484923\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:38:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.", "modified": "2018-04-06T00:00:00", "published": "2009-02-13T00:00:00", "id": "OPENVAS:136141256231063390", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063390", "type": "openvas", "title": "Fedora Core 9 FEDORA-2009-1641 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1641.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1641 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMultiple security fixes.\n\nChangeLog:\n\n* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1\n- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.\n* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6\n- Dropped and symlinked to khmeros-base-fonts.\n* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5\n- Dropped and symlinked illegal sm and to fonts.\n- Symlinking to FreeSans.\n- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.\n* Wed Dec 17 2008 Jon Ciesla - 1.9.3-4\n- Texed fix, BZ 476709.\n* Fri Nov 7 2008 Jon Ciesla - 1.9.3-3\n- Moved to weekly downloaded 11/7/08 to fix Snoopy CVE-2008-4796.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1641\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63390\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\", \"CVE-2009-0500\", \"CVE-2009-0502\", \"CVE-2009-0501\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-1641 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484916\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484922\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484923\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.", "modified": "2017-07-10T00:00:00", "published": "2009-02-18T00:00:00", "id": "OPENVAS:63405", "href": "http://plugins.openvas.org/nasl.php?oid=63405", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1699 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1699.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1699 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMultiple security fixes.\n\nChangeLog:\n\n* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1\n- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.\n* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6\n- Dropped and symlinked to khmeros-base-fonts.\n* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5\n- Dropped and symlinked illegal sm and to fonts.\n- Symlinking to FreeSans.\n- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1699\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.\";\n\n\n\nif(description)\n{\n script_id(63405);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\", \"CVE-2009-0502\", \"CVE-2009-0500\", \"CVE-2009-0501\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-1699 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484922\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484916\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484923\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.", "modified": "2018-04-06T00:00:00", "published": "2009-02-18T00:00:00", "id": "OPENVAS:136141256231063405", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063405", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1699 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1699.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1699 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMultiple security fixes.\n\nChangeLog:\n\n* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1\n- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.\n* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6\n- Dropped and symlinked to khmeros-base-fonts.\n* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5\n- Dropped and symlinked illegal sm and to fonts.\n- Symlinking to FreeSans.\n- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1699\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63405\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\", \"CVE-2009-0502\", \"CVE-2009-0500\", \"CVE-2009-0501\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-1699 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484922\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484916\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484923\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.", "modified": "2017-07-07T00:00:00", "published": "2009-02-18T00:00:00", "id": "OPENVAS:63410", "href": "http://plugins.openvas.org/nasl.php?oid=63410", "type": "openvas", "title": "Debian Security Advisory DSA 1724-1 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1724_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1724-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-0500\n\nIt was discovered that the information stored in the log tables\nwas not properly sanitized, which could allow attackers to inject\narbitrary web code.\n\nCVE-2009-0502\n\nIt was discovered that certain input via the Login as function\nwas not properly sanitised leading to the injection of arbitrary\nweb script.\n\nCVE-2008-5153\n\nDmitry E. Oboukhov discovered that the SpellCheker plugin creates\ntemporary files insecurely, allowing a denial of service attack.\nSince the plugin was unused, it is removed in this update.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.\n\nWe recommend that you upgrade your moodle package.\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201724-1\";\n\n\nif(description)\n{\n script_id(63410);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2009-0500\", \"CVE-2009-0502\", \"CVE-2008-5153\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1724-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.6.3-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.", "modified": "2018-04-06T00:00:00", "published": "2009-02-18T00:00:00", "id": "OPENVAS:136141256231063410", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063410", "type": "openvas", "title": "Debian Security Advisory DSA 1724-1 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1724_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1724-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-0500\n\nIt was discovered that the information stored in the log tables\nwas not properly sanitized, which could allow attackers to inject\narbitrary web code.\n\nCVE-2009-0502\n\nIt was discovered that certain input via the Login as function\nwas not properly sanitised leading to the injection of arbitrary\nweb script.\n\nCVE-2008-5153\n\nDmitry E. Oboukhov discovered that the SpellCheker plugin creates\ntemporary files insecurely, allowing a denial of service attack.\nSince the plugin was unused, it is removed in this update.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.\n\nWe recommend that you upgrade your moodle package.\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201724-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63410\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2009-0500\", \"CVE-2009-0502\", \"CVE-2008-5153\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1724-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.6.3-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "description": "The remote host is missing an update to moodle\nannounced via advisory USN-791-1.\n\nFor details, please visit the referenced security advisories.", "modified": "2017-12-01T00:00:00", "published": "2009-06-30T00:00:00", "id": "OPENVAS:64320", "href": "http://plugins.openvas.org/nasl.php?oid=64320", "type": "openvas", "title": "Ubuntu USN-791-1 (moodle)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_791_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_791_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-791-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n moodle 1.8.2-1ubuntu4.2\n\nUbuntu 8.10:\n moodle 1.8.2-1.2ubuntu2.1\n\nAfter a standard system upgrade you need to access the Moodle instance\nand accept the database update to clear any invalid cached data.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-791-1\";\n\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory USN-791-1.\n\nFor details, please visit the referenced security advisories.\";\n\n \n\n\nif(description)\n{\n script_id(64320);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2007-3215\", \"CVE-2008-4796\", \"CVE-2008-4810\", \"CVE-2008-4811\", \"CVE-2008-5153\", \"CVE-2008-5432\", \"CVE-2008-5619\", \"CVE-2008-6124\", \"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\", \"CVE-2009-1171\", \"CVE-2009-1669\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-791-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-791-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2-1.2ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-26T08:55:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0733", "CVE-2009-0932", "CVE-2009-0915", "CVE-2008-3075", "CVE-2009-0723", "CVE-2008-2364", "CVE-2009-0584", "CVE-2008-3076", "CVE-2009-0502", "CVE-2009-0115", "CVE-2008-4677", "CVE-2009-0583", "CVE-2009-0916", "CVE-2007-6018", "CVE-2008-5917", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0930", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712", "CVE-2009-0581", "CVE-2009-0914"], "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:007. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "modified": "2017-07-11T00:00:00", "published": "2009-03-31T00:00:00", "id": "OPENVAS:63687", "href": "http://plugins.openvas.org/nasl.php?oid=63687", "type": "openvas", "title": "SuSE Security Summary SUSE-SR:2009:007", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_007.nasl 6668 2017-07-11 13:34:29Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:007\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:007. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_id(63687);\n script_version(\"$Revision: 6668 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-11 15:34:29 +0200 (Tue, 11 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2007-6018\", \"CVE-2008-2364\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4677\", \"CVE-2008-5917\", \"CVE-2008-6235\", \"CVE-2009-0115\", \"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\", \"CVE-2009-0581\", \"CVE-2009-0583\", \"CVE-2009-0584\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0914\", \"CVE-2009-0915\", \"CVE-2009-0916\", \"CVE-2009-0930\", \"CVE-2009-0932\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:007\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ConsoleKit\", rpm:\"ConsoleKit~0.2.10~60.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-devel\", rpm:\"ConsoleKit-devel~0.2.10~60.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-x11\", rpm:\"ConsoleKit-x11~0.2.10~60.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa\", rpm:\"Mesa~7.2~10.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa-devel\", rpm:\"Mesa-devel~7.2~10.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa-devel-static\", rpm:\"Mesa-devel-static~7.2~10.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ModemManager\", rpm:\"ModemManager~0.1_20081203~6.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.7~1.1.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.7~1.1.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.7~1.1.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.7.0.r4359~15.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.7.0.r4359~15.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-doc\", rpm:\"NetworkManager-doc~0.7.0.r4359~15.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.7.0.r4359~15.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-gnome\", rpm:\"NetworkManager-gnome~0.7.0.r1053~11.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde\", rpm:\"NetworkManager-kde~0.7r848570~23.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde-devel\", rpm:\"NetworkManager-kde-devel~0.7r848570~23.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-openvpn-kde\", rpm:\"NetworkManager-openvpn-kde~0.7r848570~23.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-vpnc-kde\", rpm:\"NetworkManager-vpnc-kde~0.7r848570~23.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.4~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"blt\", rpm:\"blt~2.4z~342.62.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cifs-mount\", rpm:\"cifs-mount~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.2.10~5.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.2.10~5.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.2.10~5.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib\", rpm:\"dbus-1-glib~0.76~32.33.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-devel\", rpm:\"dbus-1-glib-devel~0.76~32.33.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-doc\", rpm:\"dbus-1-glib-doc~0.76~32.33.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-mono\", rpm:\"dbus-1-mono~0.63~118.117.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python\", rpm:\"dbus-1-python~0.83.0~22.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python-devel\", rpm:\"dbus-1-python-devel~0.83.0~22.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3\", rpm:\"dbus-1-qt3~0.62~221.222.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3-devel\", rpm:\"dbus-1-qt3-devel~0.62~221.222.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-x11\", rpm:\"dbus-1-x11~1.2.10~5.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeglut\", rpm:\"freeglut~080721~20.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeglut-devel\", rpm:\"freeglut-devel~080721~20.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-devel\", rpm:\"ghostscript-devel~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-other\", rpm:\"ghostscript-fonts-other~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-rus\", rpm:\"ghostscript-fonts-rus~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-std\", rpm:\"ghostscript-fonts-std~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-ijs-devel\", rpm:\"ghostscript-ijs-devel~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-library\", rpm:\"ghostscript-library~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-omni\", rpm:\"ghostscript-omni~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-x11\", rpm:\"ghostscript-x11~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-control-center\", rpm:\"gnome-control-center~2.24.0.1~3.20.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-control-center-devel\", rpm:\"gnome-control-center-devel~2.24.0.1~3.20.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-control-center-lang\", rpm:\"gnome-control-center-lang~2.24.0.1~3.20.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-desktop\", rpm:\"gnome-desktop~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-desktop-devel\", rpm:\"gnome-desktop-devel~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-desktop-doc\", rpm:\"gnome-desktop-doc~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-desktop-lang\", rpm:\"gnome-desktop-lang~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-settings-daemon\", rpm:\"gnome-settings-daemon~2.24.0~3.20.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-settings-daemon-devel\", rpm:\"gnome-settings-daemon-devel~2.24.0~3.20.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-settings-daemon-lang\", rpm:\"gnome-settings-daemon-lang~2.24.0~3.20.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-system-monitor\", rpm:\"gnome-system-monitor~2.24.1~1.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-system-monitor-lang\", rpm:\"gnome-system-monitor-lang~2.24.1~1.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-utils\", rpm:\"gnome-utils~2.24.1~3.16.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-utils-devel\", rpm:\"gnome-utils-devel~2.24.1~3.16.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-utils-doc\", rpm:\"gnome-utils-doc~2.24.1~3.16.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-utils-lang\", rpm:\"gnome-utils-lang~2.24.1~3.16.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kpartx\", rpm:\"kpartx~0.4.8~26.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.17~44.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~6.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint\", rpm:\"libgimpprint~4.2.7~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint-devel\", rpm:\"libgimpprint-devel~4.2.7~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnome-desktop-2-7\", rpm:\"libgnome-desktop-2-7~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms-devel\", rpm:\"liblcms-devel~1.17~44.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms1\", rpm:\"liblcms1~1.17~44.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.1~3.9.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mdadm\", rpm:\"mdadm~3.0~10.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"multipath-tools\", rpm:\"multipath-tools~0.4.8~26.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~9.64~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"psmisc\", rpm:\"psmisc~22.6~61.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.17~44.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-vscan\", rpm:\"samba-vscan~0.3.6b~6.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2\", rpm:\"sax2~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-gui\", rpm:\"sax2-gui~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-ident\", rpm:\"sax2-ident~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax\", rpm:\"sax2-libsax~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-devel\", rpm:\"sax2-libsax-devel~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-perl\", rpm:\"sax2-libsax-perl~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-python\", rpm:\"sax2-libsax-python~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-tools\", rpm:\"sax2-tools~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"stardict\", rpm:\"stardict~3.0.1~59.39.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysvinit\", rpm:\"sysvinit~2.86~186.17.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"telepathy-gabble\", rpm:\"telepathy-gabble~0.7.10~1.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009b~3.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomboy\", rpm:\"tomboy~0.12.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomboy-lang\", rpm:\"tomboy-lang~0.12.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"x11-input-wacom\", rpm:\"x11-input-wacom~0.8.1~36.18.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"x11-input-wacom-devel\", rpm:\"x11-input-wacom-devel~0.8.1~36.18.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"x11-input-wacom-tools\", rpm:\"x11-input-wacom-tools~0.8.1~36.18.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~7.4~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-input\", rpm:\"xorg-x11-driver-input~7.4~11.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video\", rpm:\"xorg-x11-driver-video~7.4~19.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video-radeonhd\", rpm:\"xorg-x11-driver-video-radeonhd~1.2.4_121202_4e89726~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.4~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-extra\", rpm:\"xorg-x11-server-extra~7.4~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.4~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~97.77.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~97.77.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit\", rpm:\"ConsoleKit~0.2.10~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-devel\", rpm:\"ConsoleKit-devel~0.2.10~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-x11\", rpm:\"ConsoleKit-x11~0.2.10~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.7.0.r3685~7.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.7.0.r3685~7.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.7.0.r3685~7.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-gnome\", rpm:\"NetworkManager-gnome~0.7.0.r729~7.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde\", rpm:\"NetworkManager-kde~0.7r821737~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde-devel\", rpm:\"NetworkManager-kde-devel~0.7r821737~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-openvpn-kde\", rpm:\"NetworkManager-openvpn-kde~0.7r821737~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-vpnc-kde\", rpm:\"NetworkManager-vpnc-kde~0.7r821737~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.4~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-audio\", rpm:\"bluez-audio~3.32~8.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.32~8.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.32~8.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.32~8.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.2.1~15.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.2.1~15.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.2.1~15.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib\", rpm:\"dbus-1-glib~0.74~88.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-devel\", rpm:\"dbus-1-glib-devel~0.74~88.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-doc\", rpm:\"dbus-1-glib-doc~0.74~88.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-mono\", rpm:\"dbus-1-mono~0.63~154.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python\", rpm:\"dbus-1-python~0.82.4~49.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python-devel\", rpm:\"dbus-1-python-devel~0.82.4~49.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3\", rpm:\"dbus-1-qt3~0.62~179.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3-devel\", rpm:\"dbus-1-qt3-devel~0.62~179.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-x11\", rpm:\"dbus-1-x11~1.2.1~18.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-devel\", rpm:\"ghostscript-devel~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-other\", rpm:\"ghostscript-fonts-other~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-rus\", rpm:\"ghostscript-fonts-rus~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-std\", rpm:\"ghostscript-fonts-std~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-ijs-devel\", rpm:\"ghostscript-ijs-devel~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-library\", rpm:\"ghostscript-library~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-omni\", rpm:\"ghostscript-omni~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-x11\", rpm:\"ghostscript-x11~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kpartx\", rpm:\"kpartx~0.4.7~127.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.17~40.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint\", rpm:\"libgimpprint~4.2.7~258.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint-devel\", rpm:\"libgimpprint-devel~4.2.7~258.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms-devel\", rpm:\"liblcms-devel~1.17~40.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms1\", rpm:\"liblcms1~1.17~40.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.4.1~28.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"multipath-tools\", rpm:\"multipath-tools~0.4.7~127.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~9.64~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave\", rpm:\"powersave~0.15.20~38.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave-devel\", rpm:\"powersave-devel~0.15.20~38.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave-libs\", rpm:\"powersave-libs~0.15.20~38.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~95.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~95.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.6.5~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.6.5~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.6.5~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-gnome\", rpm:\"NetworkManager-gnome~0.6.5~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde\", rpm:\"NetworkManager-kde~0.2r674918~55.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde-devel\", rpm:\"NetworkManager-kde-devel~0.2r674918~55.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-openvpn-kde\", rpm:\"NetworkManager-openvpn-kde~0.2r674918~55.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-vpnc-kde\", rpm:\"NetworkManager-vpnc-kde~0.2r674918~55.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.4~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.18~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.18~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.18~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.0.2~59.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.0.2~59.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.0.2~59.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib\", rpm:\"dbus-1-glib~0.74~25.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-devel\", rpm:\"dbus-1-glib-devel~0.74~25.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-doc\", rpm:\"dbus-1-glib-doc~0.74~25.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-mono\", rpm:\"dbus-1-mono~0.63~90.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python\", rpm:\"dbus-1-python~0.82.0~28.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python-devel\", rpm:\"dbus-1-python-devel~0.82.0~28.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3\", rpm:\"dbus-1-qt3~0.62~110.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3-devel\", rpm:\"dbus-1-qt3-devel~0.62~110.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-x11\", rpm:\"dbus-1-x11~1.0.2~67.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-other\", rpm:\"ghostscript-fonts-other~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-rus\", rpm:\"ghostscript-fonts-rus~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-std\", rpm:\"ghostscript-fonts-std~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-ijs-devel\", rpm:\"ghostscript-ijs-devel~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-library\", rpm:\"ghostscript-library~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-omni\", rpm:\"ghostscript-omni~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-x11\", rpm:\"ghostscript-x11~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal\", rpm:\"hal~0.5.9_git20070831~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal-devel\", rpm:\"hal-devel~0.5.9_git20070831~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kpartx\", rpm:\"kpartx~0.4.7~80.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint\", rpm:\"libgimpprint~4.2.7~178.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint-devel\", rpm:\"libgimpprint-devel~4.2.7~178.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms\", rpm:\"liblcms~1.16~39.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms-devel\", rpm:\"liblcms-devel~1.16~39.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.3.1~26.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"multipath-tools\", rpm:\"multipath-tools~0.4.7~80.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~9.64~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave\", rpm:\"powersave~0.15.17~10.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave-devel\", rpm:\"powersave-devel~0.15.17~10.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave-libs\", rpm:\"powersave-libs~0.15.17~10.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-12T10:07:06", "description": "Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2009-02-13T00:00:00", "title": "Fedora 9 : moodle-1.9.4-1.fc9 (2009-1641)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2009-02-13T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-1641.NASL", "href": "https://www.tenable.com/plugins/nessus/35671", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-1641.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35671);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n script_bugtraq_id(33610, 33612);\n script_xref(name:\"FEDORA\", value:\"2009-1641\");\n\n script_name(english:\"Fedora 9 : moodle-1.9.4-1.fc9 (2009-1641)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484924\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/020136.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ed2b078\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"moodle-1.9.4-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-12T10:07:07", "description": "Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Fedora 10 : moodle-1.9.4-1.fc10 (2009-1699)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:moodle"], "id": "FEDORA_2009-1699.NASL", "href": "https://www.tenable.com/plugins/nessus/37466", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-1699.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37466);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n script_xref(name:\"FEDORA\", value:\"2009-1699\");\n\n script_name(english:\"Fedora 10 : moodle-1.9.4-1.fc10 (2009-1699)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484924\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/020297.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31f1de59\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"moodle-1.9.4-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:04:51", "description": "moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : moodle (moodle-672)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-fa", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-pl", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-so"], "id": "SUSE_11_1_MOODLE-090319.NASL", "href": "https://www.tenable.com/plugins/nessus/40276", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-672.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40276);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE Security Update : moodle (moodle-672)\");\n script_summary(english:\"Check for the moodle-672 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=475111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-af-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ar-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-be-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-bg-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-bs-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ca-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-cs-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-da-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-de-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-de_du-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-el-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-es-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-et-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-eu-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fa-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fi-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fr-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ga-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-gl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-he-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hi-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hr-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hu-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-id-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-is-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-it-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ja-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ka-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-km-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-kn-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ko-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-lt-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-lv-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-mi_tn-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ms-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-nl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-nn-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-no-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-pl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-pt-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ro-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ru-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sk-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-so-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sq-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sr-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sv-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-th-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-tl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-tr-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-uk-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-vi-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-zh_cn-1.9.3-1.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-17T14:03:34", "description": "moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "edition": 24, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : moodle (moodle-672)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2009-07-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-fa", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-da", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-so"], "id": "SUSE_11_0_MOODLE-090320.NASL", "href": "https://www.tenable.com/plugins/nessus/40069", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-672.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40069);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE Security Update : moodle (moodle-672)\");\n script_summary(english:\"Check for the moodle-672 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=475111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-af-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ar-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-be-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-bg-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-bs-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ca-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-cs-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-da-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-de-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-de_du-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-el-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-es-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-et-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-eu-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fa-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fi-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fr-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ga-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-gl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-he-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hi-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hr-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hu-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-id-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-is-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-it-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ja-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ka-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-km-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-kn-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ko-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-lt-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-lv-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-mi_tn-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ms-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-nl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-nn-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-no-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-pl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-pt-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ro-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ru-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sk-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-so-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sq-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sr-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sv-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-th-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-tl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-tr-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-uk-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-vi-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-zh_cn-1.9.0-24.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P"}}, {"lastseen": "2021-01-06T09:45:17", "description": "Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-0500\n It was discovered that the information stored in the log\n tables was not properly sanitized, which could allow\n attackers to inject arbitrary web code.\n\n - CVE-2009-0502\n It was discovered that certain input via the 'Login as'\n function was not properly sanitised leading to the\n injection of arbitrary web script.\n\n - CVE-2008-5153\n Dmitry E. Oboukhov discovered that the SpellCheker\n plugin creates temporary files insecurely, allowing a\n denial of service attack. Since the plugin was unused,\n it is removed in this update.", "edition": 28, "published": "2009-02-17T00:00:00", "title": "Debian DSA-1724-1 : moodle - several vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "modified": "2009-02-17T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:moodle"], "id": "DEBIAN_DSA-1724.NASL", "href": "https://www.tenable.com/plugins/nessus/35691", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1724. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35691);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2008-5153\", \"CVE-2009-0500\", \"CVE-2009-0502\");\n script_bugtraq_id(32402, 33610);\n script_xref(name:\"DSA\", value:\"1724\");\n\n script_name(english:\"Debian DSA-1724-1 : moodle - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-0500\n It was discovered that the information stored in the log\n tables was not properly sanitized, which could allow\n attackers to inject arbitrary web code.\n\n - CVE-2009-0502\n It was discovered that certain input via the 'Login as'\n function was not properly sanitised leading to the\n injection of arbitrary web script.\n\n - CVE-2008-5153\n Dmitry E. Oboukhov discovered that the SpellCheker\n plugin creates temporary files insecurely, allowing a\n denial of service attack. Since the plugin was unused,\n it is removed in this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2009/dsa-1724\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the moodle package.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"moodle\", reference:\"1.6.3-2+etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T15:44:37", "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not\ncorrectly escape email addresses. A local attacker with direct access\nto the Moodle database could exploit this to execute arbitrary\ncommands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly\nescape shell meta-characters. An authenticated remote attacker could\nexecute arbitrary commands as the web server user, if curl was\ninstalled and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not\ncorrectly filter certain inputs. An authenticated remote attacker\ncould exploit this to execute arbitrary PHP commands as the web server\nuser. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did\nnot correctly handle temporary files. If the tool had been locally\nmodified, it could be made to overwrite arbitrary local files via\nsymlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki\npage titles in certain areas. An authenticated remote attacker could\nexploit this to cause cross-site scripting (XSS), which could be used\nto modify or steal confidential data of other users within the same\nweb domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, 'Login as' feature, and\nlogging in Moodle did not correctly handle certain inputs. An\nauthenticated remote attacker could exploit this to generate XSS,\nwhich could be used to modify or steal confidential data of other\nusers within the same web domain. (CVE-2008-5619, CVE-2009-0500,\nCVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly\nfilter SQL inputs. An authenticated remote attacker could execute\narbitrary SQL commands as the moodle database user, leading to a loss\nof privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings\nin Moodle were not protected from cross-site request forgery (CSRF).\nIf an authenticated user were tricked into visiting a malicious\nwebsite while logged into Moodle, a remote attacker could change the\nuser's configurations or forum content. (CVE-2009-0499, MSA-09-0008,\nMSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the\nCalendar Export tool. A remote attacker could gather a list of users,\nleading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any\nfunction to be used. An authenticated remote attacker could post a\nspecially crafted TeX formula to execute arbitrary TeX functions,\npotentially reading any file accessible to the web server user,\nleading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user\npermissions when attempting to switch user accounts. An authenticated\nremote attacker could switch to any other Moodle user, leading to a\nloss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained\nXSS vulnerabilities. An unauthenticated remote attacker could exploit\nthis to modify or steal confidential data of other users within the\nsame web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra\nMontesinos discovered that when users were deleted from Moodle, their\nprofiles and avatars were still visible. An authenticated remote\nattacker could exploit this to store information in profiles even\nafter they were removed, leading to spam traffic. (MSA-08-0015,\nMSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain\ninputs. An authenticated remote attacker could exploit this to\ngenerate XSS from which they could modify or steal confidential data\nof other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for\ngroup creation, mnet, essay question, HOST param, wiki param, and\nothers. An authenticated remote attacker could exploit this to\ngenerate XSS from which they could modify or steal confidential data\nof other users within the same web domain. (MDL-9288, MDL-11759,\nMDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when\nperforming a restore. An attacker authenticated as a Moodle\nadministrator could execute arbitrary SQL commands as the moodle\ndatabase user, leading to a loss of privacy or denial of service.\n(MDL-11857).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "published": "2009-06-25T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "modified": "2009-06-25T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:moodle", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-791-1.NASL", "href": "https://www.tenable.com/plugins/nessus/39516", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-791-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39516);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2007-3215\", \"CVE-2008-4796\", \"CVE-2008-4810\", \"CVE-2008-4811\", \"CVE-2008-5153\", \"CVE-2008-5432\", \"CVE-2008-5619\", \"CVE-2008-6124\", \"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\", \"CVE-2009-1171\", \"CVE-2009-1669\");\n script_bugtraq_id(31862, 31887, 32402, 32799, 33610, 33612, 34278, 34918);\n script_xref(name:\"USN\", value:\"791-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Thor Larholm discovered that PHPMailer, as used by Moodle, did not\ncorrectly escape email addresses. A local attacker with direct access\nto the Moodle database could exploit this to execute arbitrary\ncommands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly\nescape shell meta-characters. An authenticated remote attacker could\nexecute arbitrary commands as the web server user, if curl was\ninstalled and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not\ncorrectly filter certain inputs. An authenticated remote attacker\ncould exploit this to execute arbitrary PHP commands as the web server\nuser. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did\nnot correctly handle temporary files. If the tool had been locally\nmodified, it could be made to overwrite arbitrary local files via\nsymlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki\npage titles in certain areas. An authenticated remote attacker could\nexploit this to cause cross-site scripting (XSS), which could be used\nto modify or steal confidential data of other users within the same\nweb domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, 'Login as' feature, and\nlogging in Moodle did not correctly handle certain inputs. An\nauthenticated remote attacker could exploit this to generate XSS,\nwhich could be used to modify or steal confidential data of other\nusers within the same web domain. (CVE-2008-5619, CVE-2009-0500,\nCVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly\nfilter SQL inputs. An authenticated remote attacker could execute\narbitrary SQL commands as the moodle database user, leading to a loss\nof privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings\nin Moodle were not protected from cross-site request forgery (CSRF).\nIf an authenticated user were tricked into visiting a malicious\nwebsite while logged into Moodle, a remote attacker could change the\nuser's configurations or forum content. (CVE-2009-0499, MSA-09-0008,\nMSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the\nCalendar Export tool. A remote attacker could gather a list of users,\nleading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any\nfunction to be used. An authenticated remote attacker could post a\nspecially crafted TeX formula to execute arbitrary TeX functions,\npotentially reading any file accessible to the web server user,\nleading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user\npermissions when attempting to switch user accounts. An authenticated\nremote attacker could switch to any other Moodle user, leading to a\nloss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained\nXSS vulnerabilities. An unauthenticated remote attacker could exploit\nthis to modify or steal confidential data of other users within the\nsame web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra\nMontesinos discovered that when users were deleted from Moodle, their\nprofiles and avatars were still visible. An authenticated remote\nattacker could exploit this to store information in profiles even\nafter they were removed, leading to spam traffic. (MSA-08-0015,\nMSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain\ninputs. An authenticated remote attacker could exploit this to\ngenerate XSS from which they could modify or steal confidential data\nof other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for\ngroup creation, mnet, essay question, HOST param, wiki param, and\nothers. An authenticated remote attacker could exploit this to\ngenerate XSS from which they could modify or steal confidential data\nof other users within the same web domain. (MDL-9288, MDL-11759,\nMDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when\nperforming a restore. An attacker authenticated as a Moodle\nadministrator could execute arbitrary SQL commands as the moodle\ndatabase user, leading to a loss of privacy or denial of service.\n(MDL-11857).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/791-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Roundcube 0.2beta RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 59, 79, 89, 94, 264, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/06/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2021 Canonical, Inc. / NASL script (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"moodle\", pkgver:\"1.8.2-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"moodle\", pkgver:\"1.8.2-1.2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T12:09:14", "description": "The 'forum' code in the version of Moodle installed on the remote host\nis affected by a cross-site request forgery vulnerability due to a\nfailure to properly validate requests before deleting forum posts. If\nan attacker can trick a Moodle user into clicking on a malicious link,\nthis issue could be leveraged to delete the user's posts.\n\nNote that this install is also likely affected by several other\nvulnerabilities, including one allowing for arbitrary code execution,\nalthough Nessus has not checked for them.", "edition": 26, "published": "2009-02-27T00:00:00", "title": "Moodle Forum 'post.php' Unauthorized Post Deletion CSRF", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0499"], "modified": "2009-02-27T00:00:00", "cpe": ["cpe:/a:moodle:moodle"], "id": "MOODLE_FORUM_CSRF.NASL", "href": "https://www.tenable.com/plugins/nessus/35749", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(35749);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2009-0499\");\n script_bugtraq_id(33615);\n script_xref(name:\"Secunia\", value:\"33775\");\n\n script_name(english:\"Moodle Forum 'post.php' Unauthorized Post Deletion CSRF\");\n script_summary(english:\"Looks for hidden sesskey variable in 'prune.html'.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by a\ncross-site request forgery vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The 'forum' code in the version of Moodle installed on the remote host\nis affected by a cross-site request forgery vulnerability due to a\nfailure to properly validate requests before deleting forum posts. If\nan attacker can trick a Moodle user into clicking on a malicious link,\nthis issue could be leveraged to delete the user's posts.\n\nNote that this install is also likely affected by several other\nvulnerabilities, including one allowing for arbitrary code execution,\nalthough Nessus has not checked for them.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.moodle.org/en/Moodle_1.9.4_release_notes\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.moodle.org/en/Moodle_1.8.8_release_notes\");\n script_set_attribute(attribute:\"see_also\", value:\"https://moodle.org/mod/forum/discuss.php?d=115529\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Moodle version 1.9.4 / 1.8.8 / 1.7.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moodle:moodle\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"moodle_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/Moodle\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Moodle\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\n\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\n# Grab prune.html.\nurl = dir + \"/mod/forum/prune.html\";\n\nres = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\n\n# There's a problem if it doesn't have the sesskey variable.\nif (\n '<form id=\"pruneform\" method=\"get\"' >< res[2] &&\n '<input type=\"hidden\" name=\"confirm\"' >< res[2] &&\n '<input type=\"hidden\" name=\"sesskey\"' >!< res[2]\n)\n{\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0501", "CVE-2009-0502"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2009-02-13T04:46:04", "published": "2009-02-13T04:46:04", "id": "FEDORA:9CD3820851E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: moodle-1.9.4-1.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0501", "CVE-2009-0502"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2009-02-13T21:38:49", "published": "2009-02-13T21:38:49", "id": "FEDORA:6D2242084D5", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moodle-1.9.4-1.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2009-12-11T18:13:02", "published": "2009-12-11T18:13:02", "id": "FEDORA:7E1DF10F85C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moodle-1.9.7-1.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2009-04-02T17:22:01", "published": "2009-04-02T17:22:01", "id": "FEDORA:4424B20894E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 9 Update: moodle-1.9.4-6.fc9", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:49", "bulletinFamily": "unix", "cvelist": ["CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-1171"], "description": "Moodle is a course management system (CMS) - a free, Open Source software package designed using sound pedagogical principles, to help educators crea te effective online learning communities. ", "modified": "2009-04-02T17:21:49", "published": "2009-04-02T17:21:49", "id": "FEDORA:0C0B6208959", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 10 Update: moodle-1.9.4-6.fc10", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "bulletinFamily": "software", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "description": "- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 1724-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nFebruary 13th, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : moodle\r\nVulnerability : several vulnerabilities\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE IDs : CVE-2009-0500 CVE-2009-0502 CVE-2008-5153\r\nDebian Bug : 514284\r\n\r\nSeveral vulnerabilities have been discovered in Moodle, an online\r\ncourse management system. The Common Vulnerabilities and Exposures\r\nproject identifies the following problems:\r\n\r\nCVE-2009-0500\r\n\r\n It was discovered that the information stored in the log tables\r\n was not properly sanitized, which could allow attackers to inject\r\n arbitrary web code.\r\n\r\nCVE-2009-0502\r\n\r\n It was discovered that certain input via the &quot;Login as&quot; function\r\n was not properly sanitised leading to the injection of arbitrary\r\n web script.\r\n\r\nCVE-2008-5153\r\n\r\n Dmitry E. Oboukhov discovered that the SpellCheker plugin creates\r\n temporary files insecurely, allowing a denial of service attack.\r\n Since the plugin was unused, it is removed in this update.\r\n\r\nFor the stable distribution &#40;etch&#41; these problems have been fixed in\r\nversion 1.6.3-2+etch2.\r\n\r\nFor the testing &#40;lenny&#41; distribution these problems have been fixed in\r\nversion 1.8.2.dfsg-3+lenny1.\r\n\r\nFor the unstable &#40;sid&#41; distribution these problems have been fixed in\r\nversion 1.8.2.dfsg-4.\r\n\r\nWe recommend that you upgrade your moodle package.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given at the end of this advisory:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.dsc\r\n Size/MD5 checksum: 793 b86fd980d09fc1f54744962d765a17d7\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.diff.gz\r\n Size/MD5 checksum: 25398 60b9bf677040fbd71e7951deaa8b91d7\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3.orig.tar.gz\r\n Size/MD5 checksum: 7465709 2f9f3fcf83ab0f18c409f3a48e07eae2\r\n\r\n Architecture independent components:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb\r\n Size/MD5 checksum: 6582298 7a90893e954672f33e129aa4d7ca5aa3\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: &#96;apt-cache show &lt;pkg&gt;&#39; and http://packages.debian.org/&lt;pkg&gt;\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFJldoJW5ql+IAeqTIRAqgIAJ0dhSgFQxBDCq0PoSav/LyyCmtaYQCgj+Ln\r\nr8qoVwy7k6F60fJPA1DAKYE=\r\n=GzCu\r\n-----END PGP SIGNATURE-----", "edition": 1, "modified": "2009-02-16T00:00:00", "published": "2009-02-16T00:00:00", "id": "SECURITYVULNS:DOC:21355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21355", "title": "[SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2009-0240", "CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "modified": "2009-02-16T00:00:00", "published": "2009-02-16T00:00:00", "id": "SECURITYVULNS:VULN:9681", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9681", "title": "Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-08-12T01:06:39", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1724-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nFebruary 13th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : moodle\nVulnerability : several vulnerabilities\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2009-0500 CVE-2009-0502 CVE-2008-5153\nDebian Bug : 514284\n\nSeveral vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-0500\n\n It was discovered that the information stored in the log tables\n was not properly sanitized, which could allow attackers to inject\n arbitrary web code.\n\nCVE-2009-0502\n\n It was discovered that certain input via the &quot;Login as&quot; function\n was not properly sanitised leading to the injection of arbitrary\n web script.\n\nCVE-2008-5153\n\n Dmitry E. Oboukhov discovered that the SpellCheker plugin creates\n temporary files insecurely, allowing a denial of service attack.\n Since the plugin was unused, it is removed in this update.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.\n\nWe recommend that you upgrade your moodle package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.dsc\n Size/MD5 checksum: 793 b86fd980d09fc1f54744962d765a17d7\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.diff.gz\n Size/MD5 checksum: 25398 60b9bf677040fbd71e7951deaa8b91d7\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3.orig.tar.gz\n Size/MD5 checksum: 7465709 2f9f3fcf83ab0f18c409f3a48e07eae2\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb\n Size/MD5 checksum: 6582298 7a90893e954672f33e129aa4d7ca5aa3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "edition": 6, "modified": "2009-02-13T20:47:27", "published": "2009-02-13T20:47:27", "id": "DEBIAN:DSA-1724-1:A27A9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00033.html", "title": "[SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities", "type": "debian", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T01:37:41", "bulletinFamily": "unix", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not \ncorrectly escape email addresses. A local attacker with direct access \nto the Moodle database could exploit this to execute arbitrary commands \nas the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape \nshell meta-characters. An authenticated remote attacker could execute \narbitrary commands as the web server user, if curl was installed and \nconfigured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not \ncorrectly filter certain inputs. An authenticated remote attacker could \nexploit this to execute arbitrary PHP commands as the web server user. \n(CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not \ncorrectly handle temporary files. If the tool had been locally modified, \nit could be made to overwrite arbitrary local files via symlinks. \n(CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page \ntitles in certain areas. An authenticated remote attacker could exploit \nthis to cause cross-site scripting (XSS), which could be used to modify \nor steal confidential data of other users within the same web domain. \n(CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, \"Login as\" feature, and logging \nin Moodle did not correctly handle certain inputs. An authenticated \nremote attacker could exploit this to generate XSS, which could be used \nto modify or steal confidential data of other users within the same \nweb domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, \nMSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly \nfilter SQL inputs. An authenticated remote attacker could execute \narbitrary SQL commands as the moodle database user, leading to a loss \nof privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings \nin Moodle were not protected from cross-site request forgery (CSRF). \nIf an authenticated user were tricked into visiting a malicious \nwebsite while logged into Moodle, a remote attacker could change the \nuser's configurations or forum content. (CVE-2009-0499, MSA-09-0008, \nMSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the \nCalendar Export tool. A remote attacker could gather a list of users, \nleading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any \nfunction to be used. An authenticated remote attacker could post \na specially crafted TeX formula to execute arbitrary TeX functions, \npotentially reading any file accessible to the web server user, leading \nto a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user \npermissions when attempting to switch user accounts. An authenticated \nremote attacker could switch to any other Moodle user, leading to a loss \nof privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained \nXSS vulnerabilities. An unauthenticated remote attacker could exploit \nthis to modify or steal confidential data of other users within the same \nweb domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra \nMontesinos discovered that when users were deleted from Moodle, their \nprofiles and avatars were still visible. An authenticated remote attacker \ncould exploit this to store information in profiles even after they were \nremoved, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. \nAn authenticated remote attacker could exploit this to generate XSS from \nwhich they could modify or steal confidential data of other users within \nthe same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group \ncreation, mnet, essay question, HOST param, wiki param, and others. \nAn authenticated remote attacker could exploit this to generate XSS \nfrom which they could modify or steal confidential data of other users \nwithin the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, \nMDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when \nperforming a restore. An attacker authenticated as a Moodle administrator \ncould execute arbitrary SQL commands as the moodle database user, \nleading to a loss of privacy or denial of service. (MDL-11857)", "edition": 5, "modified": "2009-06-24T00:00:00", "published": "2009-06-24T00:00:00", "id": "USN-791-1", "href": "https://ubuntu.com/security/notices/USN-791-1", "title": "Moodle vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}