FreeBSD : moodle -- multiple vulnerabilities (82b3ca2a-8c07-11e5-bd18-002590263bf5)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Moodle Release Notes report :

MSA-15-0037 Possible to send a message to a user who blocked messages
from non contacts

MSA-15-0038 DDoS possibility in Atto

MSA-15-0039 CSRF in site registration form

MSA-15-0040 Student XSS in survey

MSA-15-0041 XSS in flash video player

MSA-15-0042 CSRF in lesson login form

MSA-15-0043 Web service core_enrol_get_enrolled_users does not respect
course group mode

MSA-15-0044 Capability to view available badges is not respected

MSA-15-0045 SCORM module allows to bypass access restrictions based on
date

MSA-15-0046 Choice module closing date can be bypassed

See also :

https://docs.moodle.org/dev/Moodle_2.7.11_release_notes
https://docs.moodle.org/dev/Moodle_2.8.9_release_notes
https://docs.moodle.org/dev/Moodle_2.9.3_release_notes
http://www.nessus.org/u?1de1405a

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 86879 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now