Weekly Vulnerabilities Reports > February 22 to 28, 2016

Overview

65 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 10 high severity vulnerabilities. This weekly summary reports vulnerabilities in 26 products from 20 vendors including Moodle, Wireshark, Canonical, Debian, and Apache. The vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Resource Management Errors".

  • 62 reported vulnerabilities are remotely exploitable.
  • 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 43 reported vulnerabilities are exploitable by an anonymous user.
  • Moodle has the most reported vulnerabilities, with 23 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 1 reported vulnerability.

Summary counters: Total Vulnerabilities; Critical Risk Vulnerabilities; High Risk Vulnerabilities; Medium Risk Vulnerabilities; Low Risk Vulnerabilities; Remotely Exploitable; Locally Exploitable; Exploit Available; Exploitable Anonymously; Affecting Web Application (counts not present on the page).

Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-24 CVE-2015-8277 Flexerasoftware Buffer Errors vulnerability in Flexerasoftware Flexnet Publisher 11.10/11.13.1.0

Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.

10.0
2016-02-27 CVE-2015-6022 Qnap Unspecified vulnerability in Qnap Signage Station 2.0

Unrestricted file upload vulnerability in QNAP Signage Station before 2.0.1 allows remote authenticated users to execute arbitrary code by uploading an executable file, and then accessing this file via an unspecified URL.

9.0
2016-02-26 CVE-2016-1297 Cisco OS Command Injection vulnerability in Cisco Application Control Engine Software

The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 A5 before A5(3.1) allows remote authenticated users to bypass intended RBAC restrictions and execute arbitrary CLI commands with admin privileges via an unspecified parameter in a POST request, aka Bug ID CSCul84801.

9.0

10 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-27 CVE-2015-7262 Qnap Source Code vulnerability in Qnap Iartist Lite and Signage Station

QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for this file to be run in a privileged context after a reboot.

8.5
2016-02-27 CVE-2015-7261 Qnap Credentials Management vulnerability in Qnap Iartist Lite and Signage Station

The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a session on TCP port 21.

7.5
2016-02-23 CVE-2015-8805 Nettle Project, Canonical, Opensuse Cryptographic Issues vulnerability in multiple products

The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8803.

7.5
2016-02-23 CVE-2015-8804 Nettle Project, Canonical, Opensuse Cryptographic Issues vulnerability in multiple products

x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors.

7.5
2016-02-23 CVE-2015-8803 Nettle Project, Canonical, Opensuse Cryptographic Issues vulnerability in multiple products

The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805.

7.5
2016-02-28 CVE-2016-2521 Wireshark Permissions, Privileges, and Access Controls vulnerability in Wireshark

Untrusted search path vulnerability in the WiresharkApplication class in ui/qt/wireshark_application.cpp in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 on Windows allows local users to gain privileges via a Trojan horse riched20.dll.dll file in the current working directory, related to use of QLibrary.

7.2
2016-02-24 CVE-2016-2542 Flexera Unspecified vulnerability in Flexera Installshield 2015

Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.

7.2
2016-02-28 CVE-2016-2523 Wireshark Resource Management Errors vulnerability in Wireshark

The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in the DNP3 dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

7.1
2016-02-22 CVE-2016-2316 Fedoraproject, Digium Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products

chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3, when the timert1 sip.conf configuration is set to a value greater than 1245, allows remote attackers to cause a denial of service (file descriptor consumption) via vectors related to large retransmit timeout values.

7.1
2016-02-22 CVE-2015-5332 Moodle Resource Management Errors vulnerability in Moodle

Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autosave feature.

7.1

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-24 CVE-2016-1341 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Nx-Os 7.0(1)N1(1)/7.0(1)N1(3)/7.0(4)N1(1)

Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 Fabric Extender devices has a blank root password, which allows local users to gain privileges via unspecified vectors, aka Bug ID CSCur22079.

6.9
2016-02-25 CVE-2015-5351 Apache, Debian, Canonical Cross-Site Request Forgery (CSRF) vulnerability in multiple products

The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token.

6.8
2016-02-25 CVE-2015-5346 Apache, Canonical, Debian Session Fixation vulnerability in Apache Tomcat

Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the same web application, might allow remote attackers to hijack web sessions by leveraging use of a requestedSessionSSL field for an unintended request, related to CoyoteAdapter.java and Request.java.

6.8
2016-02-22 CVE-2016-2536 SAP, Google Resource Management Errors vulnerability in multiple products

Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise Viewer allow remote attackers to execute arbitrary code via a crafted SketchUp document.

6.8
2016-02-22 CVE-2015-5338 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Multiple cross-site request forgery (CSRF) vulnerabilities in the lesson module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote attackers to hijack the authentication of arbitrary users for requests to (1) mod/lesson/mediafile.php or (2) mod/lesson/view.php.

6.8
2016-02-25 CVE-2016-0763 Debian, Apache, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

The setGlobalContext method in org/apache/naming/factory/ResourceLinkFactory.java in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M3 does not consider whether ResourceLinkFactory.setGlobalContext callers are authorized, which allows remote authenticated users to bypass intended SecurityManager restrictions and read or write to arbitrary application data, or cause a denial of service (application disruption), via a web application that sets a crafted global context.

6.5
2016-02-25 CVE-2016-0714 Apache, Debian, Canonical Permissions, Privileges, and Access Controls vulnerability in multiple products

The session-persistence implementation in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 mishandles session attributes, which allows remote authenticated users to bypass intended SecurityManager restrictions and execute arbitrary code in a privileged context via a web application that places a crafted object in a session.

6.5
2016-02-22 CVE-2015-3272 Moodle Unspecified vulnerability in Moodle

Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.

5.8
2016-02-22 CVE-2015-5264 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to bypass intended access restrictions and enter additional answer attempts by leveraging the student role.

5.5
2016-02-27 CVE-2016-2572 Squid Cache Improper Input Validation vulnerability in Squid-Cache Squid

http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

5.0
2016-02-27 CVE-2016-2571 Squid Cache Improper Input Validation vulnerability in Squid-Cache Squid

http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with the storage of certain data after a response-parsing failure, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a malformed response.

5.0
2016-02-27 CVE-2016-2570 Squid Cache Improper Input Validation vulnerability in Squid-Cache Squid

The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not check buffer limits during XML parsing, which allows remote HTTP servers to cause a denial of service (assertion failure and daemon exit) via a crafted XML document, related to esi/CustomParser.cc and esi/CustomParser.h.

5.0
2016-02-27 CVE-2016-2569 Squid Cache Improper Input Validation vulnerability in Squid-Cache Squid

Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append data to String objects, which allows remote servers to cause a denial of service (assertion failure and daemon exit) via a long string, as demonstrated by a crafted HTTP Vary header.

5.0
2016-02-27 CVE-2015-6036 Qnap Unspecified vulnerability in Qnap Signage Station 2.0.0

QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request.

5.0
2016-02-26 CVE-2016-1342 Cisco Information Exposure vulnerability in Cisco Firepower Management Center

The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.

5.0
2016-02-25 CVE-2015-5345 Debian, Apache, Canonical Path Traversal vulnerability in multiple products

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

5.0
2016-02-23 CVE-2013-7448 Debian, Didiwiki Project Path Traversal vulnerability in multiple products

Directory traversal vulnerability in wiki.c in didiwiki allows remote attackers to read arbitrary files via the page parameter to api/page/get.

5.0
2016-02-23 CVE-2016-2537 IS MY Json Valid Project Improper Input Validation vulnerability in IS MY Json Valid Project IS MY Json Valid 2.12.3

The is-my-json-valid package before 2.12.4 for Node.js has an incorrect exports['utc-millisec'] regular expression, which allows remote attackers to cause a denial of service (blocked event loop) via a crafted string.

5.0
2016-02-22 CVE-2015-5267 Moodle Information Exposure vulnerability in Moodle

lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.

5.0
2016-02-22 CVE-2015-5266 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script.

4.9
2016-02-28 CVE-2016-2532 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c in the LLRP dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 does not limit the recursion depth, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

4.3
2016-02-28 CVE-2016-2531 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that triggers a 0xff tag value, a different vulnerability than CVE-2016-2530.

4.3
2016-02-28 CVE-2016-2530 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark

The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.10 and 2.0.x before 2.0.2 mishandles the case of an unrecognized TLV type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet, a different vulnerability than CVE-2016-2531.

4.3
2016-02-28 CVE-2016-2529 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark 2.0.0/2.0.1

The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.

4.3
2016-02-28 CVE-2016-2528 Wireshark Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1

The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in the LBMC dissector in Wireshark 2.0.x before 2.0.2 does not validate length values, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted packet.

4.3
2016-02-28 CVE-2016-2527 Wireshark Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1

wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) via a crafted file.

4.3
2016-02-28 CVE-2016-2526 Wireshark Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1

epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark 2.0.x before 2.0.2 does not validate the data type, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

4.3
2016-02-28 CVE-2016-2525 Wireshark Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1

epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet.

4.3
2016-02-28 CVE-2016-2524 Wireshark Improper Input Validation vulnerability in Wireshark 2.0.0/2.0.1

epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark 2.0.x before 2.0.2 mishandles the algorithm ID, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

4.3
2016-02-28 CVE-2016-2522 Wireshark Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Wireshark 2.0.0/2.0.1

The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 2.0.x before 2.0.2 does not verify that a certain length is nonzero, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.

4.3
2016-02-23 CVE-2016-1157 LOG Chat Project Cross-Site Scripting vulnerability in Log-Chat Project Log-Chat 1.0

Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-02-22 CVE-2016-2037 GNU, Debian Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file.

4.3
2016-02-22 CVE-2016-0725 Fedoraproject, Moodle Cross-Site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.

4.3
2016-02-22 CVE-2015-5337 Moodle Cross-Site Scripting vulnerability in Moodle

Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file.

4.3
2016-02-22 CVE-2015-5335 Moodle Cross-Site Request Forgery (CSRF) vulnerability in Moodle

Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.

4.3
2016-02-22 CVE-2015-3275 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.

4.3
2016-02-22 CVE-2015-3274 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.

4.3
2016-02-25 CVE-2016-0706 Canonical, Debian, Apache Information Exposure vulnerability in multiple products

Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 does not place org.apache.catalina.manager.StatusManagerServlet on the org/apache/catalina/core/RestrictedServlets.properties list, which allows remote authenticated users to bypass intended SecurityManager restrictions and read arbitrary HTTP requests, and consequently discover session ID values, via a crafted web application.

4.0
2016-02-25 CVE-2015-5174 Debian, Apache, Canonical Path Traversal vulnerability in multiple products

Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /..

4.0
2016-02-22 CVE-2016-2232 Digium Denial of Service vulnerability in Multiple Asterisk Products

Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before 13.7.1 and Certified Asterisk 1.8.28, 11.6 before 11.6-cert12, and 13.1 before 13.1-cert3 allow remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via a zero length error correcting redundancy packet for a UDPTL FAX packet that is lost.

4.0
2016-02-22 CVE-2016-0724 Moodle, Fedoraproject Permissions, Privileges, and Access Controls vulnerability in multiple products

The (1) core_enrol_get_course_enrolment_methods and (2) enrol_self_get_instance_info web services in Moodle through 2.6.11, 2.7.x before 2.7.12, 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 do not consider the moodle/course:viewhiddencourses capability, which allows remote authenticated users to obtain sensitive information via a web-service request.

4.0
2016-02-22 CVE-2015-5342 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote authenticated users to bypass intended access restrictions by visiting a URL to add or delete responses in the closed state.

4.0
2016-02-22 CVE-2015-5341 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 mishandles availability dates, which allows remote authenticated users to bypass intended access restrictions and read SCORM contents via unspecified vectors.

4.0
2016-02-22 CVE-2015-5340 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php.

4.0
2016-02-22 CVE-2015-5339 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The core_enrol_get_enrolled_users web service in enrol/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly implement group-based access restrictions, which allows remote authenticated users to obtain sensitive course-participant information via a web-service request.

4.0
2016-02-22 CVE-2015-5331 Moodle 7PK - Security Features vulnerability in Moodle 2.9.0/2.9.1/2.9.2

Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.

4.0
2016-02-22 CVE-2015-5272 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."

4.0
2016-02-22 CVE-2015-5268 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 mishandles group-based authorization checks, which allows remote authenticated users to obtain sensitive information by reading a rating value.

4.0
2016-02-22 CVE-2015-5265 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle

The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor.

4.0
2016-02-22 CVE-2015-3273 Moodle Permissions, Privileges, and Access Controls vulnerability in Moodle 2.9.0

mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated users to bypass intended access restrictions by leveraging per-group authorization.

4.0

2 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-02-22 CVE-2015-5336 Moodle Cross-Site Scripting vulnerability in Moodle

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.

3.5
2016-02-22 CVE-2015-5269 Moodle Cross-Site Scripting vulnerability in Moodle

Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description.

3.5