FreeBSD : moodle -- multiple vulnerabilities (a430e15d-f93f-11e5-92ce-002590263bf5)

Medium Nessus Plugin ID 90337


The remote FreeBSD host is missing one or more security-related updates.


Marina Glancy reports:

- MSA-16-0003: Incorrect capability check when displaying users emails in Participants list

- MSA-16-0004: XSS from profile fields from external db

- MSA-16-0005: Reflected XSS in mod_data advanced search

- MSA-16-0006: Hidden courses are shown to students in Event Monitor

- MSA-16-0007: Non-Editing Instructor role can edit exclude checkbox in Single View

- MSA-16-0008: External function get_calendar_events return events that pertains to hidden activities

- MSA-16-0009: CSRF in Assignment plugin management page

- MSA-16-0010: Enumeration of category details possible without authentication

- MSA-16-0011: Add no referrer to links with _blank target attribute

- MSA-16-0012: External function mod_assign_save_submission does not check due dates


Update the affected packages.

Plugin Details

Severity: Medium

ID: 90337

File Name: freebsd_pkg_a430e15df93f11e592ce002590263bf5.nasl

Version: $Revision: 2.3 $

Type: local

Published: 2016/04/05

Modified: 2016/10/19

Dependencies: 12634

Risk Information

Risk Factor: Medium


CVSS v2 Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P


CVSS v3 Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:moodle28, p-cpe:/a:freebsd:freebsd:moodle29, p-cpe:/a:freebsd:freebsd:moodle30, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2016/04/03

Vulnerability Publication Date: 2016/03/21

Reference Information

CVE: CVE-2016-2151, CVE-2016-2152, CVE-2016-2153, CVE-2016-2154, CVE-2016-2155, CVE-2016-2156, CVE-2016-2157, CVE-2016-2158, CVE-2016-2159, CVE-2016-2190