CVE-2009-0501 - Unspecified vulnerability in Moodle

CVSS 5.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Tags: network, low complexity, moodle, nessus

Summary

Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors.

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_MOODLE-090320.NASL
    description: moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40069
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40069
    title: openSUSE Security Update : moodle (moodle-672)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update moodle-672.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(40069);
      script_version("1.12");
      script_cvs_date("Date: 2019/10/25 13:36:34");
    
      script_cve_id("CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0501", "CVE-2009-0502");
    
      script_name(english:"openSUSE Security Update : moodle (moodle-672)");
      script_summary(english:"Check for the moodle-672 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "moodle was prone to several cross-site-scripting (XSS) and
    cross-site-request-forgery (CSRF) problems (CVE-2009-0499,
    CVE-2009-0500, CVE-2009-0501, CVE-2009-0502)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.novell.com/show_bug.cgi?id=475111"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected moodle packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_cwe_id(79, 352);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-af");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-be");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-bg");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-bs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ca");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-cs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-da");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-de");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-de_du");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-el");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-es");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-et");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-eu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fa");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-fr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ga");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-gl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-he");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-hu");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-id");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-is");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-it");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ja");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ka");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-km");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-kn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ko");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-lt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-lv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-mi_tn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ms");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-nl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-nn");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-no");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-pl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-pt");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ro");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-ru");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-so");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-sv");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-th");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-tl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-tr");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-uk");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-vi");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:moodle-zh_cn");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/07/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE11\.0)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.0", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-af-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ar-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-be-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-bg-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-bs-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ca-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-cs-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-da-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-de-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-de_du-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-el-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-es-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-et-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-eu-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-fa-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-fi-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-fr-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ga-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-gl-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-he-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-hi-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-hr-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-hu-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-id-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-is-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-it-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ja-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ka-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-km-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-kn-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ko-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-lt-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-lv-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-mi_tn-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ms-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-nl-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-nn-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-no-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-pl-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-pt-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ro-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-ru-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sk-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sl-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-so-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sq-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sr-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-sv-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-th-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-tl-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-tr-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-uk-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-vi-1.9.0-24.6") ) flag++;
    if ( rpm_check(release:"SUSE11.0", reference:"moodle-zh_cn-1.9.0-24.6") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle / moodle-af / moodle-ar / moodle-be / moodle-bg / moodle-bs / etc");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-1699.NASL
    description: Multiple security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 37466
    published: 2009-04-23
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/37466
    title: Fedora 10 : moodle-1.9.4-1.fc10 (2009-1699)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-1699.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(37466);
      script_version ("1.13");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0501", "CVE-2009-0502");
      script_xref(name:"FEDORA", value:"2009-1699");
    
      script_name(english:"Fedora 10 : moodle-1.9.4-1.fc10 (2009-1699)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security fixes.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=484916"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=484922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=484923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=484924"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/020297.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?31f1de59"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected moodle package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_cwe_id(79, 352);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC10", reference:"moodle-1.9.4-1.fc10")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2009-1641.NASL
    description: Multiple security fixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 35671
    published: 2009-02-13
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/35671
    title: Fedora 9 : moodle-1.9.4-1.fc9 (2009-1641)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2009-1641.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(35671);
      script_version ("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:29");
    
      script_cve_id("CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0501", "CVE-2009-0502");
      script_bugtraq_id(33610, 33612);
      script_xref(name:"FEDORA", value:"2009-1641");
    
      script_name(english:"Fedora 9 : moodle-1.9.4-1.fc9 (2009-1641)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Multiple security fixes.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=484916"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=484922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=484923"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=484924"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2009-February/020136.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6ed2b078"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected moodle package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_cwe_id(79, 352);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moodle");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:9");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/02/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/02/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 9.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC9", reference:"moodle-1.9.4-1.fc9")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moodle");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_MOODLE-090319.NASL
    description: moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40276
    published: 2009-07-21
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40276
    title: openSUSE Security Update : moodle (moodle-672)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-791-1.NASL
    description: Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215) Nigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003) It was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669) It was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153) Mike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022) It was discovered that the HTML sanitizer,
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 39516
    published: 2009-06-25
    reporter: Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/39516
    title: Ubuntu 8.04 LTS / 8.10 : moodle vulnerabilities (USN-791-1)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_MOODLE-6108.NASL
    description: moodle was prone to several cross-site-scripting (XSS) and cross-site-request-forgery (CSRF) problems (CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502).
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 36008
    published: 2009-03-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/36008
    title: openSUSE 10 Security Update : moodle (moodle-6108)