Moodle Chile Servicios Moodle en Chile

MSA-12-0061: Remote code execution through Portfolio API

by Michael de Raadt.

...

Topic:	Portfolio plugin: Local File Inclusion (LFI) and the possibility of Remote Command Execution (RCE).
Severity/Risk:	Serious
Versions affected:	2.3 to 2.3.2+, 2.2 to 2.2.5+, 2.1 to 2.1.8+
Reported by:	Cristobal Leiva
Issue no.:	MDL-33791
CVE Identifier:	CVE-2012-5479
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=s

MSA-12-0060: Cross-site scripting vulnerability in YUI2

by Michael de Raadt.

...

Topic:	yui2 swf vulnerability
Severity/Risk:	Serious
Versions affected:	2.3 to 2.3.2+, 2.2 to 2.2.5+, 2.1 to 2.1.8+ 1.9 to 1.9.18+
Reported by:	Petr Škoda, Jenny Donnelly
Issue no.:	MDL-36346
CVE Identifier:	CVE-2012-5475
Workaround:	Delete YUI SWF files
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&amp

MSA-12-0059: Information leak in Database activity module

by Michael de Raadt.

...

Topic:	Members of seperate groups can see Database activity entries for other groups
Severity/Risk:	Minor
Versions affected:	2.3 to 2.3.2+, 2.2 to 2.2.5+, 2.1 to 2.1.8+
Reported by:	Richard Meyer
Issue no.:	MDL-34448
CVE Identifier:	CVE-2012-5473
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=co

MSA-12-0058: Possible form data manipulation issue

by Michael de Raadt.

Topic:	add setConstant() for hardfreeze element
Severity/Risk:	Minor
Versions affected:	2.3 to 2.3.2+, 2.2 to 2.2.5+
Reported by:	Rossiani Wijaya
Issue no.:	MDL-32785
CVE Identifier:	CVE-2012-5472
Changes (master):	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32785

Description:

Frozen form...

Página 37 de 38