{"id": "SUSE_MOODLE-6108.NASL", "bulletinFamily": "scanner", "title": "openSUSE 10 Security Update : moodle (moodle-6108)", "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "published": "2009-03-24T00:00:00", "modified": "2016-12-22T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=36008", "reporter": "Tenable", "references": [], "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "type": "nessus", "lastseen": "2018-09-02T00:03:25", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-fa", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-so"], "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "edition": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "ad0f54277ec9459185c39b595ef804e4abe02a0eaf16c2761b3ee58ed3f90efb", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "dec6deabf08a3af183d94936beef7845", "key": "href"}, {"hash": "41aa68518bfab91b7dd030596b99caad", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a37aa23936005ccc24cd059b2201f23", "key": "modified"}, {"hash": "43abd0dc4231270a7c30edadaf85b248", "key": "cvelist"}, {"hash": "4d5302ab54aff5d8cd48c73260fdcf2b", "key": "title"}, {"hash": "f3fe141fd98f43a6f6a18d275076a7e2", "key": "sourceData"}, {"hash": "bef07eaa68a113f34457bc81a61dbf0b", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f56e3f763acdf02fbd613b8a51e94777", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "abdd06935dd6a4870b1a369b7c5f6782", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36008", "id": "SUSE_MOODLE-6108.NASL", "lastseen": "2017-10-29T13:43:28", "modified": "2016-12-22T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "36008", "published": "2009-03-24T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-6108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36008);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:27 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE 10 Security Update : moodle (moodle-6108)\");\n script_summary(english:\"Check for the moodle-6108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-af-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ar-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-be-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bg-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ca-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-cs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-da-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de_du-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-el-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-es-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-et-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-eu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fa-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ga-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-gl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-he-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-id-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-is-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-it-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ja-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ka-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-km-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-kn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ko-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-mi_tn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ms-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-no-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ro-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ru-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-so-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sq-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-th-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-uk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-vi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-zh_cn-1.8.2-17.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "title": "openSUSE 10 Security Update : moodle (moodle-6108)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 3, "lastseen": "2017-10-29T13:43:28"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-fa", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-so"], "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "edition": 4, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}}, "hash": "a4822285e70b54576b6abe78326615bb8f1d2968145247b96744aa0449221168", "hashmap": [{"hash": "dec6deabf08a3af183d94936beef7845", "key": "href"}, {"hash": "41aa68518bfab91b7dd030596b99caad", "key": "cpe"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a37aa23936005ccc24cd059b2201f23", "key": "modified"}, {"hash": "43abd0dc4231270a7c30edadaf85b248", "key": "cvelist"}, {"hash": "4d5302ab54aff5d8cd48c73260fdcf2b", "key": "title"}, {"hash": "f3fe141fd98f43a6f6a18d275076a7e2", "key": "sourceData"}, {"hash": "bef07eaa68a113f34457bc81a61dbf0b", "key": "pluginID"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f56e3f763acdf02fbd613b8a51e94777", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "abdd06935dd6a4870b1a369b7c5f6782", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36008", "id": "SUSE_MOODLE-6108.NASL", "lastseen": "2018-08-30T19:53:35", "modified": "2016-12-22T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.3", "pluginID": "36008", "published": "2009-03-24T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-6108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36008);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:27 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE 10 Security Update : moodle (moodle-6108)\");\n script_summary(english:\"Check for the moodle-6108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-af-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ar-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-be-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bg-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ca-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-cs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-da-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de_du-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-el-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-es-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-et-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-eu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fa-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ga-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-gl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-he-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-id-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-is-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-it-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ja-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ka-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-km-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-kn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ko-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-mi_tn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ms-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-no-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ro-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ru-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-so-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sq-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-th-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-uk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-vi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-zh_cn-1.8.2-17.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "title": "openSUSE 10 Security Update : moodle (moodle-6108)", "type": "nessus", "viewCount": 3}, "differentElements": ["cvss"], "edition": 4, "lastseen": "2018-08-30T19:53:35"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": [], "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "edition": 2, "enchantments": {}, "hash": "d03eb9d1b39b727f6efd821d35359deeb292d0ae7708258d87a37ef3df5433c3", "hashmap": [{"hash": "956b0cce3d9454921494ef535bcdf2a4", "key": "cvss"}, {"hash": "dec6deabf08a3af183d94936beef7845", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4a37aa23936005ccc24cd059b2201f23", "key": "modified"}, {"hash": "43abd0dc4231270a7c30edadaf85b248", "key": "cvelist"}, {"hash": "4d5302ab54aff5d8cd48c73260fdcf2b", "key": "title"}, {"hash": "f3fe141fd98f43a6f6a18d275076a7e2", "key": "sourceData"}, {"hash": "bef07eaa68a113f34457bc81a61dbf0b", "key": "pluginID"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f56e3f763acdf02fbd613b8a51e94777", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "abdd06935dd6a4870b1a369b7c5f6782", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36008", "id": "SUSE_MOODLE-6108.NASL", "lastseen": "2016-12-23T06:13:03", "modified": "2016-12-22T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "36008", "published": "2009-03-24T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-6108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36008);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:27 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE 10 Security Update : moodle (moodle-6108)\");\n script_summary(english:\"Check for the moodle-6108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-af-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ar-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-be-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bg-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ca-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-cs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-da-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de_du-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-el-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-es-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-et-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-eu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fa-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ga-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-gl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-he-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-id-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-is-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-it-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ja-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ka-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-km-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-kn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ko-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-mi_tn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ms-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-no-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ro-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ru-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-so-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sq-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-th-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-uk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-vi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-zh_cn-1.8.2-17.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "title": "openSUSE 10 Security Update : moodle (moodle-6108)", "type": "nessus", "viewCount": 3}, "differentElements": ["cpe"], "edition": 2, "lastseen": "2016-12-23T06:13:03"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "edition": 1, "hash": "d714a4321e39facabc28f29230ee652a047a6a1049e15c145c45dd59b5171bbc", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "dec6deabf08a3af183d94936beef7845", "key": "href"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "43abd0dc4231270a7c30edadaf85b248", "key": "cvelist"}, {"hash": "4d5302ab54aff5d8cd48c73260fdcf2b", "key": "title"}, {"hash": "0fa2179ec71a385d715fc43201158c8b", "key": "cvss"}, {"hash": "02fcc0c238d215158fbaabb854c5b3df", "key": "modified"}, {"hash": "bef07eaa68a113f34457bc81a61dbf0b", "key": "pluginID"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "f56e3f763acdf02fbd613b8a51e94777", "key": "description"}, {"hash": "71a40666da62ba38d22539c8277870c7", "key": "naslFamily"}, {"hash": "937bfbd25926e2e4bf64c47ce90cb7b3", "key": "sourceData"}, {"hash": "abdd06935dd6a4870b1a369b7c5f6782", "key": "published"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=36008", "id": "SUSE_MOODLE-6108.NASL", "lastseen": "2016-09-26T17:26:04", "modified": "2014-06-13T00:00:00", "naslFamily": "SuSE Local Security Checks", "objectVersion": "1.2", "pluginID": "36008", "published": "2009-03-24T00:00:00", "references": [], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-6108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36008);\n script_version (\"$Revision: 1.7 $\");\n script_cvs_date(\"$Date: 2014/06/13 20:31:03 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE 10 Security Update : moodle (moodle-6108)\");\n script_summary(english:\"Check for the moodle-6108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-af-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ar-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-be-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bg-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ca-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-cs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-da-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de_du-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-el-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-es-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-et-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-eu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fa-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ga-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-gl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-he-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-id-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-is-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-it-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ja-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ka-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-km-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-kn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ko-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-mi_tn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ms-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-no-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ro-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ru-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-so-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sq-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-th-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-uk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-vi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-zh_cn-1.8.2-17.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "title": "openSUSE 10 Security Update : moodle (moodle-6108)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 1, "lastseen": "2016-09-26T17:26:04"}], "edition": 5, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "41aa68518bfab91b7dd030596b99caad"}, {"key": "cvelist", "hash": "43abd0dc4231270a7c30edadaf85b248"}, {"key": "cvss", "hash": "956b0cce3d9454921494ef535bcdf2a4"}, {"key": "description", "hash": "f56e3f763acdf02fbd613b8a51e94777"}, {"key": "href", "hash": "dec6deabf08a3af183d94936beef7845"}, {"key": "modified", "hash": "4a37aa23936005ccc24cd059b2201f23"}, {"key": "naslFamily", "hash": "71a40666da62ba38d22539c8277870c7"}, {"key": "pluginID", "hash": "bef07eaa68a113f34457bc81a61dbf0b"}, {"key": "published", "hash": "abdd06935dd6a4870b1a369b7c5f6782"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "f3fe141fd98f43a6f6a18d275076a7e2"}, {"key": "title", "hash": "4d5302ab54aff5d8cd48c73260fdcf2b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "ad0f54277ec9459185c39b595ef804e4abe02a0eaf16c2761b3ee58ed3f90efb", "viewCount": 3, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "vulnersScore": 5.0}, "objectVersion": "1.3", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-6108.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(36008);\n script_version (\"$Revision: 1.8 $\");\n script_cvs_date(\"$Date: 2016/12/22 20:42:27 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE 10 Security Update : moodle (moodle-6108)\");\n script_summary(english:\"Check for the moodle-6108 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/03/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-af-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ar-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-be-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bg-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-bs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ca-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-cs-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-da-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-de_du-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-el-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-es-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-et-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-eu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fa-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-fr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ga-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-gl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-he-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-hu-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-id-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-is-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-it-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ja-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ka-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-km-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-kn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ko-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-lv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-mi_tn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ms-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-nn-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-no-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-pt-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ro-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-ru-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-so-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sq-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-sv-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-th-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tl-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-tr-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-uk-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-vi-1.8.2-17.12\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"moodle-zh_cn-1.8.2-17.12\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "36008", "cpe": ["p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-fa", "cpe:/o:novell:opensuse:10.3", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-so"]}

{"cve": [{"lastseen": "2016-09-03T12:04:37", "references": ["http://moodle.org/security/", "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "http://www.openwall.com/lists/oss-security/2009/02/04/1", "http://www.debian.org/security/2009/dsa-1724"], "edition": 1, "description": "Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.", "reporter": "NVD", "published": "2009-02-09T21:30:00", "title": "CVE-2009-0500", "type": "cve", "enchantments": {"score": {"modified": "2016-09-03T12:04:37", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0500"], "scanner": [], "cpe": ["cpe:/a:moodle:moodle:1.6.6", "cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.7.4", "cpe:/a:moodle:moodle:1.6.3", "cpe:/a:moodle:moodle:1.6.7", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.6.2", "cpe:/a:moodle:moodle:1.7", "cpe:/a:moodle:moodle:1.6.1", "cpe:/a:moodle:moodle:1.8", "cpe:/a:moodle:moodle:1.6.5", "cpe:/a:moodle:moodle:1.7.1", "cpe:/a:moodle:moodle:1.7.3", "cpe:/a:moodle:moodle:1.6.8", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.6", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.9", "cpe:/a:moodle:moodle:1.7.2", "cpe:/a:moodle:moodle:1.6.4", "cpe:/a:moodle:moodle:1.7.5", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.3", "cpe:/a:moodle:moodle:1.7.6"], "modified": "2011-09-12T23:00:25", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0500", "id": "CVE-2009-0500", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2016-09-03T12:04:39", "references": ["http://moodle.org/security/", "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "http://www.openwall.com/lists/oss-security/2009/02/04/1"], "description": "Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct \"brute force attacks on user accounts\" via unknown vectors.", "edition": 1, "reporter": "NVD", "published": "2009-02-09T21:30:00", "type": "cve", "title": "CVE-2009-0501", "enchantments": {"score": {"modified": "2016-09-03T12:04:39", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0501"], "scanner": [], "cpe": ["cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.8", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.9", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.3"], "modified": "2009-04-01T01:42:35", "id": "CVE-2009-0501", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0501", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2016-09-03T12:04:36", "references": ["http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15", "http://moodle.org/security/", "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "http://www.openwall.com/lists/oss-security/2009/02/04/1"], "description": "Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.", "edition": 1, "reporter": "NVD", "published": "2009-02-09T21:30:00", "type": "cve", "title": "CVE-2009-0499", "enchantments": {"score": {"modified": "2016-09-03T12:04:36", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0499"], "scanner": [], "cpe": ["cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.7.4", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.7", "cpe:/a:moodle:moodle:1.8", "cpe:/a:moodle:moodle:1.7.1", "cpe:/a:moodle:moodle:1.7.3", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.9", "cpe:/a:moodle:moodle:1.7.2", "cpe:/a:moodle:moodle:1.7.5", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.3", "cpe:/a:moodle:moodle:1.7.6"], "modified": "2009-04-01T01:42:34", "id": "CVE-2009-0499", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0499", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2016-09-03T12:04:39", "references": ["http://moodle.org/security/", "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html", "http://www.openwall.com/lists/oss-security/2009/02/04/1", "http://www.debian.org/security/2009/dsa-1724"], "description": "Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the \"Login as\" feature is used to visit a MyMoodle or Blog page.", "edition": 1, "reporter": "NVD", "published": "2009-02-09T21:30:00", "type": "cve", "title": "CVE-2009-0502", "enchantments": {"score": {"modified": "2016-09-03T12:04:39", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-0502"], "scanner": [], "cpe": ["cpe:/a:moodle:moodle:1.8.7", "cpe:/a:moodle:moodle:1.8.2", "cpe:/a:moodle:moodle:1.9.2", "cpe:/a:moodle:moodle:1.8.6", "cpe:/a:moodle:moodle:1.7.4", "cpe:/a:moodle:moodle:1.8.4", "cpe:/a:moodle:moodle:1.7", "cpe:/a:moodle:moodle:1.8", "cpe:/a:moodle:moodle:1.7.1", "cpe:/a:moodle:moodle:1.7.3", "cpe:/a:moodle:moodle:1.9.1", "cpe:/a:moodle:moodle:1.8.1", "cpe:/a:snoopy:snoopy:1.2.3", "cpe:/a:moodle:moodle:1.8.5", "cpe:/a:moodle:moodle:1.9", "cpe:/a:moodle:moodle:1.7.2", "cpe:/a:moodle:moodle:1.7.5", "cpe:/a:moodle:moodle:1.9.3", "cpe:/a:moodle:moodle:1.8.3", "cpe:/a:moodle:moodle:1.7.6"], "modified": "2011-09-12T23:00:25", "id": "CVE-2009-0502", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0502", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-02T21:14:18", "references": ["http://www.openwall.com/lists/oss-security/2009/02/04/1", "http://moodle.org/security"], "pluginID": "800240", "description": "This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.", "edition": 1, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-03-03T00:00:00", "title": "Moodle CMS Multiple Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2016-12-29T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=800240", "id": "OPENVAS:800240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_moodle_cms_mult_vuln.nasl 4869 2016-12-29 11:01:45Z teissa $\n#\n# Moodle CMS Multiple Vulnerabilities\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow remote attackers to cause Cross Site\n Scripting attacks, can gain sensitive information about the user or the\n remote host or can delete unauthorised posts through injecting malicious\n web scripts.\n\n Impact level: System/Application\";\n\ntag_affected = \"Moodle version from 1.6 prior to 1.6.9,\n Moodle version from 1.7 prior to 1.7.7,\n Moodle version from 1.8 prior to 1.8.8 and \n Moodle version from 1.9 prior to 1.9.4 on all platforms.\";\ntag_insight = \"Multiple flaws are due to\n - Vulnerability in post.php for IMG tag which allows unauthorised access\n to user's posts.\n - XSS Vulnerability in course/lib.php which allows injection of arbitrary\n web scripts or malicious HTML codes while displaying the log report in\n browser due to lack of sanitization.\n - Unspecified vulnerability in the Calendar export feature which causes\n conducting brute force attacks.\n - XSS Vulnerability in blocks/html/block_html.php which allows injection\n of arbitracy scripts of malformed HTML codes injection.\";\ntag_solution = \"Upgrade to latest version 1.6.9, 1.7.7, 1.8.8 and 1.9.4\n http://moodle.org/downloads\";\ntag_summary = \"This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.\";\n\nif(description)\n{\n script_id(800240);\n script_version(\"$Revision: 4869 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-29 12:01:45 +0100 (Thu, 29 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-03 06:56:37 +0100 (Tue, 03 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n script_bugtraq_id(33617, 33615, 33612, 32402);\n script_name(\"Moodle CMS Multiple Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://moodle.org/security\");\n script_xref(name : \"URL\" , value : \"http://www.openwall.com/lists/oss-security/2009/02/04/1\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_moodle_cms_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_require_keys(\"Moodle/Version\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nmoodlePort = get_http_port(default:80);\nif(!moodlePort){\n exit(0);\n}\n\nif(!get_kb_item(string(\"www/\", moodlePort, \"/moodle\")))exit(0);\n\nmoodleVer = get_kb_item(\"Moodle/Version\");\nif(!moodleVer){\n exit(0);\n}\n\n# Grep for Moodle CMS Version\nif(version_in_range(version:moodleVer, test_version:\"1.6\", test_version2:\"1.6.8\") ||\n version_in_range(version:moodleVer, test_version:\"1.7\", test_version2:\"1.7.6\") ||\n version_in_range(version:moodleVer, test_version:\"1.8\", test_version2:\"1.8.7\") ||\n version_in_range(version:moodleVer, test_version:\"1.9\", test_version2:\"1.9.3\")){\n security_message(moodlePort);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-24T18:21:36", "references": ["http://www.openwall.com/lists/oss-security/2009/02/04/1", "http://moodle.org/security"], "pluginID": "1361412562310800240", "description": "This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.", "edition": 5, "reporter": "Copyright (C) 2009 Greenbone Networks GmbH", "published": "2009-03-03T00:00:00", "title": "Moodle CMS Multiple Vulnerabilities", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2018-09-22T00:00:00", "id": "OPENVAS:1361412562310800240", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800240", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_moodle_cms_mult_vuln.nasl 11554 2018-09-22 15:11:42Z cfischer $\n#\n# Moodle CMS Multiple Vulnerabilities\n#\n# Authors:\n# Sujit Ghosal <sghosal@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800240\");\n script_version(\"$Revision: 11554 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-22 17:11:42 +0200 (Sat, 22 Sep 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-03 06:56:37 +0100 (Tue, 03 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n script_bugtraq_id(33617, 33615, 33612, 32402);\n script_name(\"Moodle CMS Multiple Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://moodle.org/security\");\n script_xref(name:\"URL\", value:\"http://www.openwall.com/lists/oss-security/2009/02/04/1\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_moodle_cms_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"Moodle/Version\");\n script_tag(name:\"affected\", value:\"Moodle version from 1.6 prior to 1.6.9,\n Moodle version from 1.7 prior to 1.7.7,\n Moodle version from 1.8 prior to 1.8.8 and\n Moodle version from 1.9 prior to 1.9.4 on all platforms.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to\n\n - Vulnerability in post.php for IMG tag which allows unauthorised access\n to user's posts.\n\n - XSS Vulnerability in course/lib.php which allows injection of arbitrary\n web scripts or malicious HTML codes while displaying the log report in\n browser due to lack of sanitization.\n\n - Unspecified vulnerability in the Calendar export feature which causes\n conducting brute force attacks.\n\n - XSS Vulnerability in blocks/html/block_html.php which allows injection\n of arbitracy scripts of malformed HTML codes injection.\");\n script_tag(name:\"solution\", value:\"Upgrade to latest version 1.6.9, 1.7.7, 1.8.8 and 1.9.4\n http://moodle.org/downloads\");\n script_tag(name:\"summary\", value:\"This host is running Moodle CMS and is prone to Multiple\n Vulnerabilities.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to cause Cross Site\n Scripting attacks, can gain sensitive information about the user or the\n remote host or can delete unauthorised posts through injecting malicious\n web scripts.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\nmoodlePort = get_http_port(default:80);\nif(!moodlePort){\n exit(0);\n}\n\nif(!get_kb_item(string(\"www/\", moodlePort, \"/moodle\")))exit(0);\n\nmoodleVer = get_kb_item(\"Moodle/Version\");\nif(!moodleVer){\n exit(0);\n}\n\nif(version_in_range(version:moodleVer, test_version:\"1.6\", test_version2:\"1.6.8\") ||\n version_in_range(version:moodleVer, test_version:\"1.7\", test_version2:\"1.7.6\") ||\n version_in_range(version:moodleVer, test_version:\"1.8\", test_version2:\"1.8.7\") ||\n version_in_range(version:moodleVer, test_version:\"1.9\", test_version2:\"1.9.3\")){\n security_message(moodlePort);\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-04-06T11:38:35", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=484923", "https://bugzilla.redhat.com/show_bug.cgi?id=484922", "https://bugzilla.redhat.com/show_bug.cgi?id=484924", "https://bugzilla.redhat.com/show_bug.cgi?id=484916"], "pluginID": "136141256231063390", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-02-13T00:00:00", "title": "Fedora Core 9 FEDORA-2009-1641 (moodle)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063390", "id": "OPENVAS:136141256231063390", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1641.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1641 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMultiple security fixes.\n\nChangeLog:\n\n* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1\n- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.\n* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6\n- Dropped and symlinked to khmeros-base-fonts.\n* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5\n- Dropped and symlinked illegal sm and to fonts.\n- Symlinking to FreeSans.\n- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.\n* Wed Dec 17 2008 Jon Ciesla - 1.9.3-4\n- Texed fix, BZ 476709.\n* Fri Nov 7 2008 Jon Ciesla - 1.9.3-3\n- Moved to weekly downloaded 11/7/08 to fix Snoopy CVE-2008-4796.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1641\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63390\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\", \"CVE-2009-0500\", \"CVE-2009-0502\", \"CVE-2009-0501\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-1641 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484916\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484922\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484923\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:56:31", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=484923", "https://bugzilla.redhat.com/show_bug.cgi?id=484922", "https://bugzilla.redhat.com/show_bug.cgi?id=484924", "https://bugzilla.redhat.com/show_bug.cgi?id=484916"], "pluginID": "63390", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-02-13T00:00:00", "title": "Fedora Core 9 FEDORA-2009-1641 (moodle)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63390", "id": "OPENVAS:63390", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1641.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1641 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMultiple security fixes.\n\nChangeLog:\n\n* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1\n- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.\n* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6\n- Dropped and symlinked to khmeros-base-fonts.\n* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5\n- Dropped and symlinked illegal sm and to fonts.\n- Symlinking to FreeSans.\n- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.\n* Wed Dec 17 2008 Jon Ciesla - 1.9.3-4\n- Texed fix, BZ 476709.\n* Fri Nov 7 2008 Jon Ciesla - 1.9.3-3\n- Moved to weekly downloaded 11/7/08 to fix Snoopy CVE-2008-4796.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1641\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1641.\";\n\n\n\nif(description)\n{\n script_id(63390);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-13 20:43:17 +0100 (Fri, 13 Feb 2009)\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\", \"CVE-2009-0500\", \"CVE-2009-0502\", \"CVE-2009-0501\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 9 FEDORA-2009-1641 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484916\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484922\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484923\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~1.fc9\", rls:\"FC9\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:57:11", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=484923", "https://bugzilla.redhat.com/show_bug.cgi?id=484922", "https://bugzilla.redhat.com/show_bug.cgi?id=484924", "https://bugzilla.redhat.com/show_bug.cgi?id=484916"], "pluginID": "63405", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-02-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Fedora Core 10 FEDORA-2009-1699 (moodle)", "type": "openvas", "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2017-07-10T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63405", "id": "OPENVAS:63405", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1699.nasl 6624 2017-07-10 06:11:55Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1699 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMultiple security fixes.\n\nChangeLog:\n\n* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1\n- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.\n* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6\n- Dropped and symlinked to khmeros-base-fonts.\n* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5\n- Dropped and symlinked illegal sm and to fonts.\n- Symlinking to FreeSans.\n- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1699\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.\";\n\n\n\nif(description)\n{\n script_id(63405);\n script_version(\"$Revision: 6624 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 08:11:55 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\", \"CVE-2009-0502\", \"CVE-2009-0500\", \"CVE-2009-0501\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-1699 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484922\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484916\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484923\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:40:31", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=484923", "https://bugzilla.redhat.com/show_bug.cgi?id=484922", "https://bugzilla.redhat.com/show_bug.cgi?id=484924", "https://bugzilla.redhat.com/show_bug.cgi?id=484916"], "pluginID": "136141256231063405", "description": "The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-02-18T00:00:00", "type": "openvas", "title": "Fedora Core 10 FEDORA-2009-1699 (moodle)", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2008-4796", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063405", "id": "OPENVAS:136141256231063405", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: fcore_2009_1699.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory FEDORA-2009-1699 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Update Information:\n\nMultiple security fixes.\n\nChangeLog:\n\n* Tue Feb 10 2009 Jon Ciesla - 1.9.4-1\n- Update to 1.9.4 to fix CVE-2009-0499,0500,0501,0502.\n* Tue Jan 27 2009 Jon Ciesla - 1.9.3-6\n- Dropped and symlinked to khmeros-base-fonts.\n* Tue Jan 20 2009 Jon Ciesla - 1.9.3-5\n- Dropped and symlinked illegal sm and to fonts.\n- Symlinking to FreeSans.\n- Drop spell-check-logic.cgi, CVE-2008-5153, per upstream, BZ 472117, 472119, 472120.\";\ntag_solution = \"Apply the appropriate updates.\n\nThis update can be installed with the yum update program. Use \nsu -c 'yum update moodle' at the command line.\nFor more information, refer to Managing Software with yum,\navailable at http://docs.fedoraproject.org/yum/.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1699\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory FEDORA-2009-1699.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63405\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2009-0499\", \"CVE-2008-5153\", \"CVE-2008-4796\", \"CVE-2009-0502\", \"CVE-2009-0500\", \"CVE-2009-0501\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Fedora Core 10 FEDORA-2009-1699 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484924\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484922\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484916\");\n script_xref(name : \"URL\" , value : \"https://bugzilla.redhat.com/show_bug.cgi?id=484923\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"moodle\", rpm:\"moodle~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-af\", rpm:\"moodle-af~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ar\", rpm:\"moodle-ar~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-be\", rpm:\"moodle-be~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bg\", rpm:\"moodle-bg~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bn\", rpm:\"moodle-bn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-bs\", rpm:\"moodle-bs~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ca\", rpm:\"moodle-ca~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cs\", rpm:\"moodle-cs~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-cy\", rpm:\"moodle-cy~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-da\", rpm:\"moodle-da~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de\", rpm:\"moodle-de~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-de_du\", rpm:\"moodle-de_du~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-el\", rpm:\"moodle-el~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-es\", rpm:\"moodle-es~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-et\", rpm:\"moodle-et~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-eu\", rpm:\"moodle-eu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fa\", rpm:\"moodle-fa~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fi\", rpm:\"moodle-fi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fil\", rpm:\"moodle-fil~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr\", rpm:\"moodle-fr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-fr_ca\", rpm:\"moodle-fr_ca~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ga\", rpm:\"moodle-ga~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gl\", rpm:\"moodle-gl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-gu\", rpm:\"moodle-gu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-he\", rpm:\"moodle-he~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hi\", rpm:\"moodle-hi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hr\", rpm:\"moodle-hr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hu\", rpm:\"moodle-hu~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-hy\", rpm:\"moodle-hy~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-id\", rpm:\"moodle-id~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-is\", rpm:\"moodle-is~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-it\", rpm:\"moodle-it~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ja\", rpm:\"moodle-ja~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ka\", rpm:\"moodle-ka~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kk\", rpm:\"moodle-kk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-km\", rpm:\"moodle-km~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-kn\", rpm:\"moodle-kn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ko\", rpm:\"moodle-ko~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lo\", rpm:\"moodle-lo~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lt\", rpm:\"moodle-lt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-lv\", rpm:\"moodle-lv~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_tn\", rpm:\"moodle-mi_tn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mi_wwow\", rpm:\"moodle-mi_wwow~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mk\", rpm:\"moodle-mk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ml\", rpm:\"moodle-ml~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-mn\", rpm:\"moodle-mn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ms\", rpm:\"moodle-ms~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nl\", rpm:\"moodle-nl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-nn\", rpm:\"moodle-nn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no\", rpm:\"moodle-no~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-no_gr\", rpm:\"moodle-no_gr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pl\", rpm:\"moodle-pl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt\", rpm:\"moodle-pt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-pt_br\", rpm:\"moodle-pt_br~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ro\", rpm:\"moodle-ro~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ru\", rpm:\"moodle-ru~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-si\", rpm:\"moodle-si~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sk\", rpm:\"moodle-sk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sl\", rpm:\"moodle-sl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sm\", rpm:\"moodle-sm~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-so\", rpm:\"moodle-so~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sq\", rpm:\"moodle-sq~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr\", rpm:\"moodle-sr_cr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_cr_bo\", rpm:\"moodle-sr_cr_bo~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sr_lt\", rpm:\"moodle-sr_lt~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-sv\", rpm:\"moodle-sv~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta\", rpm:\"moodle-ta~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-ta_lk\", rpm:\"moodle-ta_lk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-th\", rpm:\"moodle-th~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tl\", rpm:\"moodle-tl~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-to\", rpm:\"moodle-to~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-tr\", rpm:\"moodle-tr~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uk\", rpm:\"moodle-uk~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-uz\", rpm:\"moodle-uz~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-vi\", rpm:\"moodle-vi~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_cn\", rpm:\"moodle-zh_cn~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"moodle-zh_tw\", rpm:\"moodle-zh_tw~1.9.4~1.fc10\", rls:\"FC10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:57:00", "references": [], "pluginID": "63410", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.", "edition": 2, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-02-18T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Debian Security Advisory DSA 1724-1 (moodle)", "type": "openvas", "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=63410", "id": "OPENVAS:63410", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1724_1.nasl 6615 2017-07-07 12:09:52Z cfischer $\n# Description: Auto-generated from advisory DSA 1724-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-0500\n\nIt was discovered that the information stored in the log tables\nwas not properly sanitized, which could allow attackers to inject\narbitrary web code.\n\nCVE-2009-0502\n\nIt was discovered that certain input via the Login as function\nwas not properly sanitised leading to the injection of arbitrary\nweb script.\n\nCVE-2008-5153\n\nDmitry E. Oboukhov discovered that the SpellCheker plugin creates\ntemporary files insecurely, allowing a denial of service attack.\nSince the plugin was unused, it is removed in this update.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.\n\nWe recommend that you upgrade your moodle package.\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201724-1\";\n\n\nif(description)\n{\n script_id(63410);\n script_version(\"$Revision: 6615 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:09:52 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2009-0500\", \"CVE-2009-0502\", \"CVE-2008-5153\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1724-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.6.3-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:39:58", "references": [], "pluginID": "136141256231063410", "description": "The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-02-18T00:00:00", "title": "Debian Security Advisory DSA 1724-1 (moodle)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063410", "id": "OPENVAS:136141256231063410", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1724_1.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory DSA 1724-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-0500\n\nIt was discovered that the information stored in the log tables\nwas not properly sanitized, which could allow attackers to inject\narbitrary web code.\n\nCVE-2009-0502\n\nIt was discovered that certain input via the Login as function\nwas not properly sanitised leading to the injection of arbitrary\nweb script.\n\nCVE-2008-5153\n\nDmitry E. Oboukhov discovered that the SpellCheker plugin creates\ntemporary files insecurely, allowing a denial of service attack.\nSince the plugin was unused, it is removed in this update.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.\n\nWe recommend that you upgrade your moodle package.\";\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory DSA 1724-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201724-1\";\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63410\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-02-18 23:13:28 +0100 (Wed, 18 Feb 2009)\");\n script_cve_id(\"CVE-2009-0500\", \"CVE-2009-0502\", \"CVE-2008-5153\");\n script_tag(name:\"cvss_base\", value:\"6.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1724-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.6.3-2+etch2\", rls:\"DEB4.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:25", "references": ["http://www.ubuntu.com/usn/usn-791-1/"], "pluginID": "64320", "description": "The remote host is missing an update to moodle\nannounced via advisory USN-791-1.\n\nFor details, please visit the referenced security advisories.", "edition": 3, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-06-30T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "Ubuntu USN-791-1 (moodle)", "type": "openvas", "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "modified": "2017-12-01T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=64320", "id": "OPENVAS:64320", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: ubuntu_791_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_791_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-791-1 (moodle)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 8.04 LTS:\n moodle 1.8.2-1ubuntu4.2\n\nUbuntu 8.10:\n moodle 1.8.2-1.2ubuntu2.1\n\nAfter a standard system upgrade you need to access the Moodle instance\nand accept the database update to clear any invalid cached data.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-791-1\";\n\ntag_summary = \"The remote host is missing an update to moodle\nannounced via advisory USN-791-1.\n\nFor details, please visit the referenced security advisories.\";\n\n \n\n\nif(description)\n{\n script_id(64320);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-06-30 00:29:55 +0200 (Tue, 30 Jun 2009)\");\n script_cve_id(\"CVE-2007-3215\", \"CVE-2008-4796\", \"CVE-2008-4810\", \"CVE-2008-4811\", \"CVE-2008-5153\", \"CVE-2008-5432\", \"CVE-2008-5619\", \"CVE-2008-6124\", \"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\", \"CVE-2009-1171\", \"CVE-2009-1669\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-791-1 (moodle)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-791-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2-1ubuntu4.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"moodle\", ver:\"1.8.2-1.2ubuntu2.1\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:37:49", "references": [], "pluginID": "136141256231063687", "description": "The remote host is missing updates announced in\nadvisory SUSE-SR:2009:007. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.", "edition": 1, "reporter": "Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com", "published": "2009-03-31T00:00:00", "title": "SuSE Security Summary SUSE-SR:2009:007", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0733", "CVE-2009-0932", "CVE-2009-0915", "CVE-2008-3075", "CVE-2009-0723", "CVE-2008-2364", "CVE-2009-0584", "CVE-2008-3076", "CVE-2009-0502", "CVE-2009-0115", "CVE-2008-4677", "CVE-2009-0583", "CVE-2009-0916", "CVE-2007-6018", "CVE-2008-5917", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0930", "CVE-2008-6235", "CVE-2008-3074", "CVE-2008-2712", "CVE-2009-0581", "CVE-2009-0914"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231063687", "id": "OPENVAS:136141256231063687", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: suse_sr_2009_007.nasl 9350 2018-04-06 07:03:33Z cfischer $\n# Description: Auto-generated from advisory SUSE-SR:2009:007\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_summary = \"The remote host is missing updates announced in\nadvisory SUSE-SR:2009:007. SuSE Security Summaries are short\non detail when it comes to the names of packages affected by\na particular bug. Because of this, while this test will detect\nout of date packages, it cannot tell you what bugs impact\nwhich packages, or vice versa.\";\n\ntag_solution = \"Update all out of date packages.\";\n \nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.63687\");\n script_version(\"$Revision: 9350 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:03:33 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-31 19:20:21 +0200 (Tue, 31 Mar 2009)\");\n script_cve_id(\"CVE-2007-6018\", \"CVE-2008-2364\", \"CVE-2008-2712\", \"CVE-2008-3074\", \"CVE-2008-3075\", \"CVE-2008-3076\", \"CVE-2008-4677\", \"CVE-2008-5917\", \"CVE-2008-6235\", \"CVE-2009-0115\", \"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\", \"CVE-2009-0581\", \"CVE-2009-0583\", \"CVE-2009-0584\", \"CVE-2009-0723\", \"CVE-2009-0733\", \"CVE-2009-0914\", \"CVE-2009-0915\", \"CVE-2009-0916\", \"CVE-2009-0930\", \"CVE-2009-0932\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"SuSE Security Summary SUSE-SR:2009:007\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-rpm.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isrpmvuln(pkg:\"ConsoleKit\", rpm:\"ConsoleKit~0.2.10~60.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-devel\", rpm:\"ConsoleKit-devel~0.2.10~60.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-x11\", rpm:\"ConsoleKit-x11~0.2.10~60.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa\", rpm:\"Mesa~7.2~10.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa-devel\", rpm:\"Mesa-devel~7.2~10.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"Mesa-devel-static\", rpm:\"Mesa-devel-static~7.2~10.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ModemManager\", rpm:\"ModemManager~0.1_20081203~6.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.7~1.1.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-branding-upstream\", rpm:\"MozillaFirefox-branding-upstream~3.0.7~1.1.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.7~1.1.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.7.0.r4359~15.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.7.0.r4359~15.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-doc\", rpm:\"NetworkManager-doc~0.7.0.r4359~15.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.7.0.r4359~15.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-gnome\", rpm:\"NetworkManager-gnome~0.7.0.r1053~11.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde\", rpm:\"NetworkManager-kde~0.7r848570~23.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde-devel\", rpm:\"NetworkManager-kde-devel~0.7r848570~23.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-openvpn-kde\", rpm:\"NetworkManager-openvpn-kde~0.7r848570~23.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-vpnc-kde\", rpm:\"NetworkManager-vpnc-kde~0.7r848570~23.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.4~0.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"blt\", rpm:\"blt~2.4z~342.62.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"cifs-mount\", rpm:\"cifs-mount~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.2.10~5.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.2.10~5.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.2.10~5.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib\", rpm:\"dbus-1-glib~0.76~32.33.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-devel\", rpm:\"dbus-1-glib-devel~0.76~32.33.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-doc\", rpm:\"dbus-1-glib-doc~0.76~32.33.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-mono\", rpm:\"dbus-1-mono~0.63~118.117.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python\", rpm:\"dbus-1-python~0.83.0~22.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python-devel\", rpm:\"dbus-1-python-devel~0.83.0~22.22.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3\", rpm:\"dbus-1-qt3~0.62~221.222.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3-devel\", rpm:\"dbus-1-qt3-devel~0.62~221.222.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-x11\", rpm:\"dbus-1-x11~1.2.10~5.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeglut\", rpm:\"freeglut~080721~20.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"freeglut-devel\", rpm:\"freeglut-devel~080721~20.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-devel\", rpm:\"ghostscript-devel~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-other\", rpm:\"ghostscript-fonts-other~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-rus\", rpm:\"ghostscript-fonts-rus~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-std\", rpm:\"ghostscript-fonts-std~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-ijs-devel\", rpm:\"ghostscript-ijs-devel~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-library\", rpm:\"ghostscript-library~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-omni\", rpm:\"ghostscript-omni~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-x11\", rpm:\"ghostscript-x11~8.62~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-control-center\", rpm:\"gnome-control-center~2.24.0.1~3.20.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-control-center-devel\", rpm:\"gnome-control-center-devel~2.24.0.1~3.20.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-control-center-lang\", rpm:\"gnome-control-center-lang~2.24.0.1~3.20.9\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-desktop\", rpm:\"gnome-desktop~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-desktop-devel\", rpm:\"gnome-desktop-devel~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-desktop-doc\", rpm:\"gnome-desktop-doc~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-desktop-lang\", rpm:\"gnome-desktop-lang~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-settings-daemon\", rpm:\"gnome-settings-daemon~2.24.0~3.20.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-settings-daemon-devel\", rpm:\"gnome-settings-daemon-devel~2.24.0~3.20.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-settings-daemon-lang\", rpm:\"gnome-settings-daemon-lang~2.24.0~3.20.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-system-monitor\", rpm:\"gnome-system-monitor~2.24.1~1.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-system-monitor-lang\", rpm:\"gnome-system-monitor-lang~2.24.1~1.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-utils\", rpm:\"gnome-utils~2.24.1~3.16.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-utils-devel\", rpm:\"gnome-utils-devel~2.24.1~3.16.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-utils-doc\", rpm:\"gnome-utils-doc~2.24.1~3.16.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"gnome-utils-lang\", rpm:\"gnome-utils-lang~2.24.1~3.16.8\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.4_b14~24.3.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kpartx\", rpm:\"kpartx~0.4.8~26.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.17~44.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ldapsmb\", rpm:\"ldapsmb~1.34b~6.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint\", rpm:\"libgimpprint~4.2.7~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint-devel\", rpm:\"libgimpprint-devel~4.2.7~31.40.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgnome-desktop-2-7\", rpm:\"libgnome-desktop-2-7~2.24.1~2.17.6\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms-devel\", rpm:\"liblcms-devel~1.17~44.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms1\", rpm:\"liblcms1~1.17~44.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi-devel\", rpm:\"libnetapi-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libnetapi0\", rpm:\"libnetapi0~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.5.1~3.9.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient-devel\", rpm:\"libsmbclient-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbclient0\", rpm:\"libsmbclient0~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes-devel\", rpm:\"libsmbsharemodes-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libsmbsharemodes0\", rpm:\"libsmbsharemodes0~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc-devel\", rpm:\"libtalloc-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtalloc1\", rpm:\"libtalloc1~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb-devel\", rpm:\"libtdb-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libtdb1\", rpm:\"libtdb1~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient-devel\", rpm:\"libwbclient-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libwbclient0\", rpm:\"libwbclient0~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mdadm\", rpm:\"mdadm~3.0~10.9.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"multipath-tools\", rpm:\"multipath-tools~0.4.8~26.10.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~9.64~1.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"psmisc\", rpm:\"psmisc~22.6~61.27.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-lcms\", rpm:\"python-lcms~1.17~44.59.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"python-xpcom190\", rpm:\"python-xpcom190~1.9.0.7~1.2.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba\", rpm:\"samba~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-client\", rpm:\"samba-client~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-devel\", rpm:\"samba-devel~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-krb-printing\", rpm:\"samba-krb-printing~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-vscan\", rpm:\"samba-vscan~0.3.6b~6.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"samba-winbind\", rpm:\"samba-winbind~3.2.7~11.2.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2\", rpm:\"sax2~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-gui\", rpm:\"sax2-gui~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-ident\", rpm:\"sax2-ident~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax\", rpm:\"sax2-libsax~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-devel\", rpm:\"sax2-libsax-devel~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-perl\", rpm:\"sax2-libsax-perl~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-libsax-python\", rpm:\"sax2-libsax-python~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sax2-tools\", rpm:\"sax2-tools~8.1~542.8.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"stardict\", rpm:\"stardict~3.0.1~59.39.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"sysvinit\", rpm:\"sysvinit~2.86~186.17.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"telepathy-gabble\", rpm:\"telepathy-gabble~0.7.10~1.21.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"timezone\", rpm:\"timezone~2009b~3.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomboy\", rpm:\"tomboy~0.12.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"tomboy-lang\", rpm:\"tomboy-lang~0.12.1~2.26.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"x11-input-wacom\", rpm:\"x11-input-wacom~0.8.1~36.18.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"x11-input-wacom-devel\", rpm:\"x11-input-wacom-devel~0.8.1~36.18.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"x11-input-wacom-tools\", rpm:\"x11-input-wacom-tools~0.8.1~36.18.2\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-Xvnc\", rpm:\"xorg-x11-Xvnc~7.4~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-input\", rpm:\"xorg-x11-driver-input~7.4~11.6.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video\", rpm:\"xorg-x11-driver-video~7.4~19.5.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-driver-video-radeonhd\", rpm:\"xorg-x11-driver-video-radeonhd~1.2.4_121202_4e89726~2.1.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server\", rpm:\"xorg-x11-server~7.4~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-extra\", rpm:\"xorg-x11-server-extra~7.4~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xorg-x11-server-sdk\", rpm:\"xorg-x11-server-sdk~7.4~17.4.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~97.77.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~97.77.1\", rls:\"openSUSE11.1\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit\", rpm:\"ConsoleKit~0.2.10~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-devel\", rpm:\"ConsoleKit-devel~0.2.10~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ConsoleKit-x11\", rpm:\"ConsoleKit-x11~0.2.10~14.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox\", rpm:\"MozillaFirefox~3.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"MozillaFirefox-translations\", rpm:\"MozillaFirefox-translations~3.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.7.0.r3685~7.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.7.0.r3685~7.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.7.0.r3685~7.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-gnome\", rpm:\"NetworkManager-gnome~0.7.0.r729~7.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde\", rpm:\"NetworkManager-kde~0.7r821737~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde-devel\", rpm:\"NetworkManager-kde-devel~0.7r821737~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-openvpn-kde\", rpm:\"NetworkManager-openvpn-kde~0.7r821737~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-vpnc-kde\", rpm:\"NetworkManager-vpnc-kde~0.7r821737~0.5\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.4~0.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-audio\", rpm:\"bluez-audio~3.32~8.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.32~8.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.32~8.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.32~8.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.2.1~15.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.2.1~15.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.2.1~15.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib\", rpm:\"dbus-1-glib~0.74~88.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-devel\", rpm:\"dbus-1-glib-devel~0.74~88.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-doc\", rpm:\"dbus-1-glib-doc~0.74~88.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-mono\", rpm:\"dbus-1-mono~0.63~154.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python\", rpm:\"dbus-1-python~0.82.4~49.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python-devel\", rpm:\"dbus-1-python-devel~0.82.4~49.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3\", rpm:\"dbus-1-qt3~0.62~179.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3-devel\", rpm:\"dbus-1-qt3-devel~0.62~179.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-x11\", rpm:\"dbus-1-x11~1.2.1~18.4\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-devel\", rpm:\"ghostscript-devel~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-other\", rpm:\"ghostscript-fonts-other~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-rus\", rpm:\"ghostscript-fonts-rus~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-std\", rpm:\"ghostscript-fonts-std~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-ijs-devel\", rpm:\"ghostscript-ijs-devel~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-library\", rpm:\"ghostscript-library~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-omni\", rpm:\"ghostscript-omni~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-x11\", rpm:\"ghostscript-x11~8.62~17.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk\", rpm:\"java-1_6_0-openjdk~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-demo\", rpm:\"java-1_6_0-openjdk-demo~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-devel\", rpm:\"java-1_6_0-openjdk-devel~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-javadoc\", rpm:\"java-1_6_0-openjdk-javadoc~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-plugin\", rpm:\"java-1_6_0-openjdk-plugin~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"java-1_6_0-openjdk-src\", rpm:\"java-1_6_0-openjdk-src~1.4_b14~24.3\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kpartx\", rpm:\"kpartx~0.4.7~127.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"lcms\", rpm:\"lcms~1.17~40.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint\", rpm:\"libgimpprint~4.2.7~258.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint-devel\", rpm:\"libgimpprint-devel~4.2.7~258.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms-devel\", rpm:\"liblcms-devel~1.17~40.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms1\", rpm:\"liblcms1~1.17~40.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.4.1~28.6\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190\", rpm:\"mozilla-xulrunner190~1.9.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-devel\", rpm:\"mozilla-xulrunner190-devel~1.9.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-gnomevfs\", rpm:\"mozilla-xulrunner190-gnomevfs~1.9.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"mozilla-xulrunner190-translations\", rpm:\"mozilla-xulrunner190-translations~1.9.0.7~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"multipath-tools\", rpm:\"multipath-tools~0.4.7~127.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~9.64~1.1\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave\", rpm:\"powersave~0.15.20~38.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave-devel\", rpm:\"powersave-devel~0.15.20~38.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave-libs\", rpm:\"powersave-libs~0.15.20~38.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~95.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~95.2\", rls:\"openSUSE11.0\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager\", rpm:\"NetworkManager~0.6.5~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-devel\", rpm:\"NetworkManager-devel~0.6.5~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-glib\", rpm:\"NetworkManager-glib~0.6.5~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-gnome\", rpm:\"NetworkManager-gnome~0.6.5~37.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde\", rpm:\"NetworkManager-kde~0.2r674918~55.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-kde-devel\", rpm:\"NetworkManager-kde-devel~0.2r674918~55.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-openvpn-kde\", rpm:\"NetworkManager-openvpn-kde~0.2r674918~55.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"NetworkManager-vpnc-kde\", rpm:\"NetworkManager-vpnc-kde~0.2r674918~55.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~8.1.4~0.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-cups\", rpm:\"bluez-cups~3.18~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-test\", rpm:\"bluez-test~3.18~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"bluez-utils\", rpm:\"bluez-utils~3.18~13.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1\", rpm:\"dbus-1~1.0.2~59.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel\", rpm:\"dbus-1-devel~1.0.2~59.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-devel-doc\", rpm:\"dbus-1-devel-doc~1.0.2~59.8\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib\", rpm:\"dbus-1-glib~0.74~25.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-devel\", rpm:\"dbus-1-glib-devel~0.74~25.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-glib-doc\", rpm:\"dbus-1-glib-doc~0.74~25.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-mono\", rpm:\"dbus-1-mono~0.63~90.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python\", rpm:\"dbus-1-python~0.82.0~28.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-python-devel\", rpm:\"dbus-1-python-devel~0.82.0~28.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3\", rpm:\"dbus-1-qt3~0.62~110.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-qt3-devel\", rpm:\"dbus-1-qt3-devel~0.62~110.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"dbus-1-x11\", rpm:\"dbus-1-x11~1.0.2~67.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-other\", rpm:\"ghostscript-fonts-other~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-rus\", rpm:\"ghostscript-fonts-rus~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-fonts-std\", rpm:\"ghostscript-fonts-std~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-ijs-devel\", rpm:\"ghostscript-ijs-devel~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-library\", rpm:\"ghostscript-library~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-omni\", rpm:\"ghostscript-omni~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"ghostscript-x11\", rpm:\"ghostscript-x11~8.15.4~3.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal\", rpm:\"hal~0.5.9_git20070831~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"hal-devel\", rpm:\"hal-devel~0.5.9_git20070831~13.7\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"kpartx\", rpm:\"kpartx~0.4.7~80.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint\", rpm:\"libgimpprint~4.2.7~178.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libgimpprint-devel\", rpm:\"libgimpprint-devel~4.2.7~178.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms\", rpm:\"liblcms~1.16~39.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"liblcms-devel\", rpm:\"liblcms-devel~1.16~39.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"libpurple\", rpm:\"libpurple~2.3.1~26.4\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"multipath-tools\", rpm:\"multipath-tools~0.4.7~80.2\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"opera\", rpm:\"opera~9.64~1.1\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave\", rpm:\"powersave~0.15.17~10.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave-devel\", rpm:\"powersave-devel~0.15.17~10.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"powersave-libs\", rpm:\"powersave-libs~0.15.17~10.3\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf\", rpm:\"xpdf~3.02~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\nif ((res = isrpmvuln(pkg:\"xpdf-tools\", rpm:\"xpdf-tools~3.02~19.6\", rls:\"openSUSE10.3\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2018-09-02T00:00:25", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=475111"], "pluginID": "40276", "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "edition": 5, "reporter": "Tenable", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : moodle (moodle-672)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-fa", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-da", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-pl", "cpe:/o:novell:opensuse:11.1", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-so"], "id": "SUSE_11_1_MOODLE-090319.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40276", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-672.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40276);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:51 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE Security Update : moodle (moodle-672)\");\n script_summary(english:\"Check for the moodle-672 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=475111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-af-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ar-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-be-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-bg-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-bs-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ca-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-cs-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-da-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-de-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-de_du-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-el-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-es-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-et-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-eu-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fa-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fi-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-fr-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ga-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-gl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-he-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hi-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hr-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-hu-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-id-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-is-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-it-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ja-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ka-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-km-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-kn-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ko-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-lt-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-lv-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-mi_tn-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ms-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-nl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-nn-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-no-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-pl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-pt-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ro-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-ru-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sk-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-so-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sq-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sr-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-sv-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-th-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-tl-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-tr-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-uk-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-vi-1.9.3-1.11.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.1\", reference:\"moodle-zh_cn-1.9.3-1.11.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:54:06", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=484923", "http://www.nessus.org/u?6ed2b078", "https://bugzilla.redhat.com/show_bug.cgi?id=484922", "https://bugzilla.redhat.com/show_bug.cgi?id=484924", "https://bugzilla.redhat.com/show_bug.cgi?id=484916"], "pluginID": "35671", "description": "Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2009-02-13T00:00:00", "title": "Fedora 9 : moodle-1.9.4-1.fc9 (2009-1641)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2016-12-08T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:moodle", "cpe:/o:fedoraproject:fedora:9"], "id": "FEDORA_2009-1641.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35671", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-1641.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35671);\n script_version (\"$Revision: 1.14 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:55 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n script_bugtraq_id(33610, 33612);\n script_xref(name:\"FEDORA\", value:\"2009-1641\");\n\n script_name(english:\"Fedora 9 : moodle-1.9.4-1.fc9 (2009-1641)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484924\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/020136.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6ed2b078\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:9\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 9.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC9\", reference:\"moodle-1.9.4-1.fc9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:47:10", "references": ["https://bugzilla.novell.com/show_bug.cgi?id=475111"], "pluginID": "40069", "description": "moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).", "edition": 5, "reporter": "Tenable", "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : moodle (moodle-672)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "SuSE Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2016-12-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:moodle-km", "p-cpe:/a:novell:opensuse:moodle-he", "p-cpe:/a:novell:opensuse:moodle-ga", "p-cpe:/a:novell:opensuse:moodle-is", "p-cpe:/a:novell:opensuse:moodle-fa", "p-cpe:/a:novell:opensuse:moodle-ja", "p-cpe:/a:novell:opensuse:moodle-sq", "p-cpe:/a:novell:opensuse:moodle-da", "cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:moodle-sv", "p-cpe:/a:novell:opensuse:moodle-hu", "p-cpe:/a:novell:opensuse:moodle-nn", "p-cpe:/a:novell:opensuse:moodle-kn", "p-cpe:/a:novell:opensuse:moodle-af", "p-cpe:/a:novell:opensuse:moodle-de_du", "p-cpe:/a:novell:opensuse:moodle-tr", "p-cpe:/a:novell:opensuse:moodle-hi", "p-cpe:/a:novell:opensuse:moodle-eu", "p-cpe:/a:novell:opensuse:moodle-lv", "p-cpe:/a:novell:opensuse:moodle-pl", "p-cpe:/a:novell:opensuse:moodle-sr", "p-cpe:/a:novell:opensuse:moodle-ar", "p-cpe:/a:novell:opensuse:moodle-ms", "p-cpe:/a:novell:opensuse:moodle-gl", "p-cpe:/a:novell:opensuse:moodle", "p-cpe:/a:novell:opensuse:moodle-fi", "p-cpe:/a:novell:opensuse:moodle-fr", "p-cpe:/a:novell:opensuse:moodle-et", "p-cpe:/a:novell:opensuse:moodle-vi", "p-cpe:/a:novell:opensuse:moodle-id", "p-cpe:/a:novell:opensuse:moodle-mi_tn", "p-cpe:/a:novell:opensuse:moodle-th", "p-cpe:/a:novell:opensuse:moodle-el", "p-cpe:/a:novell:opensuse:moodle-lt", "p-cpe:/a:novell:opensuse:moodle-de", "p-cpe:/a:novell:opensuse:moodle-ko", "p-cpe:/a:novell:opensuse:moodle-it", "p-cpe:/a:novell:opensuse:moodle-ru", "p-cpe:/a:novell:opensuse:moodle-bs", "p-cpe:/a:novell:opensuse:moodle-zh_cn", "p-cpe:/a:novell:opensuse:moodle-hr", "p-cpe:/a:novell:opensuse:moodle-sl", "p-cpe:/a:novell:opensuse:moodle-nl", "p-cpe:/a:novell:opensuse:moodle-ka", "p-cpe:/a:novell:opensuse:moodle-no", "p-cpe:/a:novell:opensuse:moodle-cs", "p-cpe:/a:novell:opensuse:moodle-ro", "p-cpe:/a:novell:opensuse:moodle-pt", "p-cpe:/a:novell:opensuse:moodle-tl", "p-cpe:/a:novell:opensuse:moodle-uk", "p-cpe:/a:novell:opensuse:moodle-es", "p-cpe:/a:novell:opensuse:moodle-be", "p-cpe:/a:novell:opensuse:moodle-ca", "p-cpe:/a:novell:opensuse:moodle-bg", "p-cpe:/a:novell:opensuse:moodle-sk", "p-cpe:/a:novell:opensuse:moodle-so"], "id": "SUSE_11_0_MOODLE-090320.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=40069", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update moodle-672.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40069);\n script_version(\"$Revision: 1.10 $\");\n script_cvs_date(\"$Date: 2016/12/21 20:09:50 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n\n script_name(english:\"openSUSE Security Update : moodle (moodle-672)\");\n script_summary(english:\"Check for the moodle-672 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"moodle was prone to several cross-site-scripting (XSS) and\ncross-site-request-forgery (CSRF) problems (CVE-2009-0499,\nCVE-2009-0500, CVE-2009-0501, CVE-2009-0502).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=475111\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-af\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ar\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-be\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-bs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ca\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-cs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-da\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-de_du\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-es\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-et\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-eu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-fr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-gl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-he\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-hu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-id\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-is\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-it\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ka\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-km\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-kn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-lv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-mi_tn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-nn\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-no\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-pt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ro\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-ru\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-so\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sq\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-sv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-th\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-tr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-uk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-vi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:moodle-zh_cn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-af-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ar-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-be-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-bg-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-bs-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ca-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-cs-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-da-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-de-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-de_du-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-el-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-es-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-et-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-eu-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fa-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fi-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-fr-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ga-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-gl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-he-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hi-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hr-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-hu-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-id-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-is-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-it-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ja-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ka-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-km-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-kn-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ko-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-lt-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-lv-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-mi_tn-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ms-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-nl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-nn-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-no-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-pl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-pt-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ro-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-ru-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sk-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-so-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sq-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sr-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-sv-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-th-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-tl-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-tr-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-uk-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-vi-1.9.0-24.6\") ) flag++;\nif ( rpm_check(release:\"SUSE11.0\", reference:\"moodle-zh_cn-1.9.0-24.6\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:10:25", "references": ["https://bugzilla.redhat.com/show_bug.cgi?id=484923", "http://www.nessus.org/u?31f1de59", "https://bugzilla.redhat.com/show_bug.cgi?id=484922", "https://bugzilla.redhat.com/show_bug.cgi?id=484924", "https://bugzilla.redhat.com/show_bug.cgi?id=484916"], "pluginID": "37466", "description": "Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2009-04-23T00:00:00", "title": "Fedora 10 : moodle-1.9.4-1.fc10 (2009-1699)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 2.1}}, "naslFamily": "Fedora Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2009-0502", "CVE-2009-0499", "CVE-2009-0500"], "modified": "2016-12-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:10", "p-cpe:/a:fedoraproject:fedora:moodle"], "id": "FEDORA_2009-1699.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=37466", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2009-1699.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(37466);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2016/12/08 20:21:55 $\");\n\n script_cve_id(\"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\");\n script_xref(name:\"FEDORA\", value:\"2009-1699\");\n\n script_name(english:\"Fedora 10 : moodle-1.9.4-1.fc10 (2009-1699)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484923\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=484924\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/020297.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?31f1de59\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P\");\n script_cwe_id(79, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^10([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 10.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC10\", reference:\"moodle-1.9.4-1.fc10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:35:51", "references": ["https://security-tracker.debian.org/tracker/CVE-2008-5153", "https://security-tracker.debian.org/tracker/CVE-2009-0500", "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514284", "https://security-tracker.debian.org/tracker/CVE-2009-0502", "http://www.debian.org/security/2009/dsa-1724"], "pluginID": "35691", "description": "Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2009-0500 It was discovered that the information stored in the log tables was not properly sanitized, which could allow attackers to inject arbitrary web code.\n\n - CVE-2009-0502 It was discovered that certain input via the 'Login as' function was not properly sanitised leading to the injection of arbitrary web script.\n\n - CVE-2008-5153 Dmitry E. Oboukhov discovered that the SpellCheker plugin creates temporary files insecurely, allowing a denial of service attack. Since the plugin was unused, it is removed in this update.", "edition": 6, "reporter": "Tenable", "published": "2009-02-17T00:00:00", "title": "Debian DSA-1724-1 : moodle - several vulnerabilities", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "Debian Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "modified": "2018-07-09T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:4.0", "p-cpe:/a:debian:debian_linux:moodle"], "id": "DEBIAN_DSA-1724.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35691", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1724. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35691);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2018/07/09 14:30:24\");\n\n script_cve_id(\"CVE-2008-5153\", \"CVE-2009-0500\", \"CVE-2009-0502\");\n script_bugtraq_id(32402, 33610);\n script_xref(name:\"DSA\", value:\"1724\");\n\n script_name(english:\"Debian DSA-1724-1 : moodle - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems :\n\n - CVE-2009-0500\n It was discovered that the information stored in the log\n tables was not properly sanitized, which could allow\n attackers to inject arbitrary web code.\n\n - CVE-2009-0502\n It was discovered that certain input via the 'Login as'\n function was not properly sanitised leading to the\n injection of arbitrary web script.\n\n - CVE-2008-5153\n Dmitry E. Oboukhov discovered that the SpellCheker\n plugin creates temporary files insecurely, allowing a\n denial of service attack. Since the plugin was unused,\n it is removed in this update.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514284\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2009-0502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2008-5153\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2009/dsa-1724\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the moodle package.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(59, 79);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:4.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"4.0\", prefix:\"moodle\", reference:\"1.6.3-2+etch2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-02T00:04:10", "references": ["http://docs.moodle.org/en/Moodle_1.8.8_release_notes", "http://moodle.org/mod/forum/discuss.php?d=115529", "http://docs.moodle.org/en/Moodle_1.9.4_release_notes"], "pluginID": "35749", "description": "The 'forum' code in the version of Moodle installed on the remote host is affected by a cross-site request forgery vulnerability due to a failure to properly validate requests before deleting forum posts. If an attacker can trick a Moodle user into clicking on a malicious link, this issue could be leveraged to delete the user's posts.\n\nNote that this install is also likely affected by several other vulnerabilities, including one allowing for arbitrary code execution, although Nessus has not checked for them.", "edition": 5, "reporter": "Tenable", "published": "2009-02-27T00:00:00", "title": "Moodle Forum 'post.php' Unauthorized Post Deletion CSRF", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "CGI abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0499"], "modified": "2018-06-13T00:00:00", "cpe": ["cpe:/a:moodle:moodle"], "id": "MOODLE_FORUM_CSRF.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=35749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(35749);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/06/13 18:56:28\");\n\n script_cve_id(\"CVE-2009-0499\");\n script_bugtraq_id(33615);\n script_xref(name:\"Secunia\", value:\"33775\");\n\n script_name(english:\"Moodle Forum 'post.php' Unauthorized Post Deletion CSRF\");\n script_summary(english:\"Looks for hidden sesskey variable in 'prune.html'.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote web server contains a PHP application that is affected by a\ncross-site request forgery vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The 'forum' code in the version of Moodle installed on the remote host\nis affected by a cross-site request forgery vulnerability due to a\nfailure to properly validate requests before deleting forum posts. If\nan attacker can trick a Moodle user into clicking on a malicious link,\nthis issue could be leveraged to delete the user's posts.\n\nNote that this install is also likely affected by several other\nvulnerabilities, including one allowing for arbitrary code execution,\nalthough Nessus has not checked for them.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.moodle.org/en/Moodle_1.9.4_release_notes\");\n script_set_attribute(attribute:\"see_also\", value:\"http://docs.moodle.org/en/Moodle_1.8.8_release_notes\");\n script_set_attribute(attribute:\"see_also\", value:\"http://moodle.org/mod/forum/discuss.php?d=115529\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Moodle version 1.9.4 / 1.8.8 / 1.7.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:moodle:moodle\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"moodle_detect.nasl\");\n script_require_keys(\"www/PHP\", \"installed_sw/Moodle\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"install_func.inc\");\n\napp = \"Moodle\";\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_single_install(\n app_name : app,\n port : port\n);\n\ndir = install['path'];\ninstall_url = build_url(port:port, qs:dir);\n\n# Grab prune.html.\nurl = dir + \"/mod/forum/prune.html\";\n\nres = http_send_recv3(method:\"GET\", item:url, port:port, exit_on_fail:TRUE);\n\n# There's a problem if it doesn't have the sesskey variable.\nif (\n '<form id=\"pruneform\" method=\"get\"' >< res[2] &&\n '<input type=\"hidden\" name=\"confirm\"' >< res[2] &&\n '<input type=\"hidden\" name=\"sesskey\"' >!< res[2]\n)\n{\n set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);\n security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url);\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:57:56", "references": [], "pluginID": "39516", "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, 'Login as' feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF).\nIf an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user's configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service.\n(MDL-11857).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2009-06-25T00:00:00", "title": "Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "modified": "2016-12-01T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:moodle", "cpe:/o:canonical:ubuntu_linux:8.04:-:lts", "cpe:/o:canonical:ubuntu_linux:8.10"], "id": "UBUNTU_USN-791-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=39516", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-791-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(39516);\n script_version(\"$Revision: 1.17 $\");\n script_cvs_date(\"$Date: 2016/12/01 21:21:52 $\");\n\n script_cve_id(\"CVE-2007-3215\", \"CVE-2008-4796\", \"CVE-2008-4810\", \"CVE-2008-4811\", \"CVE-2008-5153\", \"CVE-2008-5432\", \"CVE-2008-5619\", \"CVE-2008-6124\", \"CVE-2009-0499\", \"CVE-2009-0500\", \"CVE-2009-0501\", \"CVE-2009-0502\", \"CVE-2009-1171\", \"CVE-2009-1669\");\n script_bugtraq_id(31862, 31887, 32402, 32799, 33610, 33612, 34278, 34918);\n script_xref(name:\"USN\", value:\"791-1\");\n\n script_name(english:\"Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Thor Larholm discovered that PHPMailer, as used by Moodle, did not\ncorrectly escape email addresses. A local attacker with direct access\nto the Moodle database could exploit this to execute arbitrary\ncommands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly\nescape shell meta-characters. An authenticated remote attacker could\nexecute arbitrary commands as the web server user, if curl was\ninstalled and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not\ncorrectly filter certain inputs. An authenticated remote attacker\ncould exploit this to execute arbitrary PHP commands as the web server\nuser. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did\nnot correctly handle temporary files. If the tool had been locally\nmodified, it could be made to overwrite arbitrary local files via\nsymlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki\npage titles in certain areas. An authenticated remote attacker could\nexploit this to cause cross-site scripting (XSS), which could be used\nto modify or steal confidential data of other users within the same\nweb domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, 'Login as' feature, and\nlogging in Moodle did not correctly handle certain inputs. An\nauthenticated remote attacker could exploit this to generate XSS,\nwhich could be used to modify or steal confidential data of other\nusers within the same web domain. (CVE-2008-5619, CVE-2009-0500,\nCVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly\nfilter SQL inputs. An authenticated remote attacker could execute\narbitrary SQL commands as the moodle database user, leading to a loss\nof privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings\nin Moodle were not protected from cross-site request forgery (CSRF).\nIf an authenticated user were tricked into visiting a malicious\nwebsite while logged into Moodle, a remote attacker could change the\nuser's configurations or forum content. (CVE-2009-0499, MSA-09-0008,\nMSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the\nCalendar Export tool. A remote attacker could gather a list of users,\nleading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any\nfunction to be used. An authenticated remote attacker could post a\nspecially crafted TeX formula to execute arbitrary TeX functions,\npotentially reading any file accessible to the web server user,\nleading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user\npermissions when attempting to switch user accounts. An authenticated\nremote attacker could switch to any other Moodle user, leading to a\nloss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained\nXSS vulnerabilities. An unauthenticated remote attacker could exploit\nthis to modify or steal confidential data of other users within the\nsame web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra\nMontesinos discovered that when users were deleted from Moodle, their\nprofiles and avatars were still visible. An authenticated remote\nattacker could exploit this to store information in profiles even\nafter they were removed, leading to spam traffic. (MSA-08-0015,\nMSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain\ninputs. An authenticated remote attacker could exploit this to\ngenerate XSS from which they could modify or steal confidential data\nof other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for\ngroup creation, mnet, essay question, HOST param, wiki param, and\nothers. An authenticated remote attacker could exploit this to\ngenerate XSS from which they could modify or steal confidential data\nof other users within the same web domain. (MDL-9288, MDL-11759,\nMDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when\nperforming a restore. An attacker authenticated as a Moodle\nadministrator could execute arbitrary SQL commands as the moodle\ndatabase user, leading to a loss of privacy or denial of service.\n(MDL-11857).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected moodle package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Roundcube 0.2beta RCE\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(20, 59, 79, 89, 94, 264, 352);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:moodle\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:8.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2009/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2009-2016 Canonical, Inc. / NASL script (C) 2009-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(8\\.04|8\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 8.04 / 8.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"8.04\", pkgname:\"moodle\", pkgver:\"1.8.2-1ubuntu4.2\")) flag++;\nif (ubuntu_check(osver:\"8.10\", pkgname:\"moodle\", pkgver:\"1.8.2-1.2ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"moodle\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:13:37", "references": [], "affectedPackage": [{"OS": "Debian", "OSVersion": "4", "packageVersion": "1.6.3-2+etch2", "arch": "all", "packageFilename": "moodle_1.6.3-2+etch2_all.deb", "packageName": "moodle", "operator": "lt"}], "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1724-1 security@debian.org\nhttp://www.debian.org/security/ Steffen Joeris\nFebruary 13th, 2009 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : moodle\nVulnerability : several vulnerabilities\nProblem type : remote\nDebian-specific: no\nCVE IDs : CVE-2009-0500 CVE-2009-0502 CVE-2008-5153\nDebian Bug : 514284\n\nSeveral vulnerabilities have been discovered in Moodle, an online\ncourse management system. The Common Vulnerabilities and Exposures\nproject identifies the following problems:\n\nCVE-2009-0500\n\n It was discovered that the information stored in the log tables\n was not properly sanitized, which could allow attackers to inject\n arbitrary web code.\n\nCVE-2009-0502\n\n It was discovered that certain input via the &quot;Login as&quot; function\n was not properly sanitised leading to the injection of arbitrary\n web script.\n\nCVE-2008-5153\n\n Dmitry E. Oboukhov discovered that the SpellCheker plugin creates\n temporary files insecurely, allowing a denial of service attack.\n Since the plugin was unused, it is removed in this update.\n\nFor the stable distribution (etch) these problems have been fixed in\nversion 1.6.3-2+etch2.\n\nFor the testing (lenny) distribution these problems have been fixed in\nversion 1.8.2.dfsg-3+lenny1.\n\nFor the unstable (sid) distribution these problems have been fixed in\nversion 1.8.2.dfsg-4.\n\nWe recommend that you upgrade your moodle package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given at the end of this advisory:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.dsc\n Size/MD5 checksum: 793 b86fd980d09fc1f54744962d765a17d7\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.diff.gz\n Size/MD5 checksum: 25398 60b9bf677040fbd71e7951deaa8b91d7\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3.orig.tar.gz\n Size/MD5 checksum: 7465709 2f9f3fcf83ab0f18c409f3a48e07eae2\n\n Architecture independent components:\n\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb\n Size/MD5 checksum: 6582298 7a90893e954672f33e129aa4d7ca5aa3\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "edition": 1, "reporter": "Debian", "published": "2009-02-13T20:47:27", "title": "[SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities", "type": "debian", "enchantments": {}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "modified": "2009-02-13T20:47:27", "id": "DEBIAN:DSA-1724-1:A27A9", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2009/msg00033.html", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:29", "references": [], "description": "- --------------------------------------------------------------------------\r\nDebian Security Advisory DSA 1724-1 security@debian.org\r\nhttp://www.debian.org/security/ Steffen Joeris\r\nFebruary 13th, 2009 http://www.debian.org/security/faq\r\n- --------------------------------------------------------------------------\r\n\r\nPackage : moodle\r\nVulnerability : several vulnerabilities\r\nProblem type : remote\r\nDebian-specific: no\r\nCVE IDs : CVE-2009-0500 CVE-2009-0502 CVE-2008-5153\r\nDebian Bug : 514284\r\n\r\nSeveral vulnerabilities have been discovered in Moodle, an online\r\ncourse management system. The Common Vulnerabilities and Exposures\r\nproject identifies the following problems:\r\n\r\nCVE-2009-0500\r\n\r\n It was discovered that the information stored in the log tables\r\n was not properly sanitized, which could allow attackers to inject\r\n arbitrary web code.\r\n\r\nCVE-2009-0502\r\n\r\n It was discovered that certain input via the &quot;Login as&quot; function\r\n was not properly sanitised leading to the injection of arbitrary\r\n web script.\r\n\r\nCVE-2008-5153\r\n\r\n Dmitry E. Oboukhov discovered that the SpellCheker plugin creates\r\n temporary files insecurely, allowing a denial of service attack.\r\n Since the plugin was unused, it is removed in this update.\r\n\r\nFor the stable distribution &#40;etch&#41; these problems have been fixed in\r\nversion 1.6.3-2+etch2.\r\n\r\nFor the testing &#40;lenny&#41; distribution these problems have been fixed in\r\nversion 1.8.2.dfsg-3+lenny1.\r\n\r\nFor the unstable &#40;sid&#41; distribution these problems have been fixed in\r\nversion 1.8.2.dfsg-4.\r\n\r\nWe recommend that you upgrade your moodle package.\r\n\r\n\r\nUpgrade Instructions\r\n- --------------------\r\n\r\nwget url\r\n will fetch the file for you\r\ndpkg -i file.deb\r\n will install the referenced file.\r\n\r\nIf you are using the apt-get package manager, use the line for\r\nsources.list as given at the end of this advisory:\r\n\r\napt-get update\r\n will update the internal database\r\napt-get upgrade\r\n will install corrected packages\r\n\r\nYou may use an automated update by adding the resources from the\r\nfooter to the proper configuration.\r\n\r\n\r\nDebian GNU/Linux 4.0 alias etch\r\n- -------------------------------\r\n\r\n Source archives:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.dsc\r\n Size/MD5 checksum: 793 b86fd980d09fc1f54744962d765a17d7\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2.diff.gz\r\n Size/MD5 checksum: 25398 60b9bf677040fbd71e7951deaa8b91d7\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3.orig.tar.gz\r\n Size/MD5 checksum: 7465709 2f9f3fcf83ab0f18c409f3a48e07eae2\r\n\r\n Architecture independent components:\r\n\r\n http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+etch2_all.deb\r\n Size/MD5 checksum: 6582298 7a90893e954672f33e129aa4d7ca5aa3\r\n\r\n\r\n These files will probably be moved into the stable distribution on\r\n its next update.\r\n\r\n- ---------------------------------------------------------------------------------\r\nFor apt-get: deb http://security.debian.org/ stable/updates main\r\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\r\nMailing list: debian-security-announce@lists.debian.org\r\nPackage info: &#96;apt-cache show &lt;pkg&gt;&#39; and http://packages.debian.org/&lt;pkg&gt;\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 &#40;GNU/Linux&#41;\r\n\r\niD8DBQFJldoJW5ql+IAeqTIRAqgIAJ0dhSgFQxBDCq0PoSav/LyyCmtaYQCgj+Ln\r\nr8qoVwy7k6F60fJPA1DAKYE=\r\n=GzCu\r\n-----END PGP SIGNATURE-----", "edition": 1, "reporter": "Securityvulns", "published": "2009-02-16T00:00:00", "title": "[SECURITY] [DSA 1724-1] New moodle packages fix several vulnerabilities", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:10:29", "vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "modified": "2009-02-16T00:00:00", "id": "SECURITYVULNS:DOC:21355", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21355", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:32", "references": ["https://vulners.com/securityvulns/securityvulns:doc:21359", "https://vulners.com/securityvulns/securityvulns:doc:21356", "https://vulners.com/securityvulns/securityvulns:doc:21355", "https://vulners.com/securityvulns/securityvulns:doc:21358"], "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "reporter": "BUGTRAQ", "published": "2009-02-16T00:00:00", "title": "Daily web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;", "type": "securityvulns", "enchantments": {"score": {"modified": "2018-08-31T11:09:32", "vector": "NONE", "value": 4.3}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "WebSVN", "version": "1.7", "operator": "eq"}, {"name": "Moodle", "version": "1.8", "operator": "eq"}, {"name": "moodle", "version": "1.9", "operator": "eq"}, {"name": "Snoopy", "version": "1.2", "operator": "eq"}, {"name": "RavenNuke", "version": "2.3", "operator": "eq"}, {"name": "Samizdat", "version": "0.6", "operator": "eq"}, {"name": "Moodle", "version": "1.7", "operator": "eq"}, {"name": "Moodle", "version": "1.6", "operator": "eq"}], "cvelist": ["CVE-2009-0240", "CVE-2009-0502", "CVE-2008-5153", "CVE-2009-0500"], "modified": "2009-02-16T00:00:00", "id": "SECURITYVULNS:VULN:9681", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:9681", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:15", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4796", "https://people.canonical.com/~ubuntu-security/cve/CVE-2007-3215", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4810", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5153", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0502", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5619", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0500", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1669", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-4811", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-5432", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0499", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0501", "https://people.canonical.com/~ubuntu-security/cve/CVE-2009-1171", "https://people.canonical.com/~ubuntu-security/cve/CVE-2008-6124"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "8.04", "packageVersion": "1.8.2-1ubuntu4.2", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "moodle", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "8.10", "packageVersion": "1.8.2-1.2ubuntu2.1", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "moodle", "operator": "lt"}], "description": "Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215)\n\nNigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003)\n\nIt was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)\n\nIt was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153)\n\nMike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022)\n\nIt was discovered that the HTML sanitizer, \u201cLogin as\u201d feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)\n\nIt was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)\n\nKevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user\u2019s configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023)\n\nDaniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)\n\nChristian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)\n\nJohannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003)\n\nHanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004)\n\nDebbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)\n\nLars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021)\n\nIt was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806)\n\nIt was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (MDL-11857)", "edition": 3, "reporter": "Ubuntu", "published": "2009-06-24T00:00:00", "title": "Moodle vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2009-0501", "CVE-2008-4811", "CVE-2008-5432", "CVE-2008-5619", "CVE-2009-0502", "CVE-2008-4810", "CVE-2008-4796", "CVE-2008-6124", "CVE-2008-5153", "CVE-2009-0499", "CVE-2009-0500", "CVE-2009-1171", "CVE-2009-1669", "CVE-2007-3215"], "modified": "2009-06-24T00:00:00", "id": "USN-791-1", "href": "https://usn.ubuntu.com/791-1/", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}