MySQL vulnerabilities CVE-2018-3276, CVE-2018-3277, CVE-2018-3278, CVE-2018-3279, and CVE-2018-3280. Security Advisory. ...
More info:
https://support.f5.com/csp/article/K04320238
More info:
https://wpvulndb.com/vulnerabilities/9149
We wanted to post a quick acknowledgement that VMware has representatives in attendance at the Tianfu Cup PWN Contest in Chengdu, China to review any vulnerabilities that may be demonstrated during the contest. We would like to thank the organisers for inviting us to attend. Stay tuned for further updates. As always please sign up […] The post VMware and the Tianfu Cup PWN Contest appeared first on VMware Security & Compliance Blog.
More info:
https://blogs.vmware.com/security/2018/11/vmware-and-the-tianfu-cup-pwn-contest.html
Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an API. For instance, there’s a specific filter inside the WAF dashboard called Emergency DDoS. This filter basically increases the strength of the DDoS protection to an “emergency” level […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/t9gULVESbkA/real-time-fine-tuning-of-the-waf-via-api.html
by Michael Hawkins. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.
Severity/Risk: Minor
Versions affected: 3.5, 3.4 to 3.4.3, 3.3 to 3.3.6, 3.2 to 3.2.9, 3.1 to 3.1.12 and earlier unsupported versions
Versions fixed: 3.5.1, 3.4.4, 3.3.7, 3.1.13
Reported by: Les Bell
CVE identifier: CVE-2018-10891
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=373371&parent=1505294
by Marina Glancy. Authenticated users are allowed to add HTML blocks containing scripts to their Dashboard, and this is normally not a security issue because the personal dashboard is visible to this user only. Through this security vulnerability users can move such a block to other pages where it can be viewed by other users.
Severity/Risk: Serious
Versions affected: 3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed: 3.5, 3.4.3, 3.3.6, 3.2.9 and
More info:
https://moodle.org/mod/forum/discuss.php?d=371202&parent=1496356
by Michael Hawkins. No option existed to omit logs from data privacy exports, which may contain details of other users who interacted with the requester. Note this may be a serious privacy consideration for sites processing data exports.
Severity/Risk: Minor
Versions affected: 3.5, 3.4.3, 3.3 to 3.3.6
Versions fixed: 3.5.1, 3.4.4, 3.3.7
Reported by: Ralf Hilgenstock
CVE identifier: CVE-2018-10889
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=373369&parent=1505292
by Marina Glancy. Students who posted on a forum and exported the post to portfolios can download any stored Moodle file by changing the download URL.
Severity/Risk: Minor
Versions affected: 3.4 to 3.4.2, 3.3 to 3.3.5, 3.2 to 3.2.8, 3.1 to 3.1.11 and earlier unsupported versions
Versions fixed: 3.5, 3.4.3, 3.3.6, 3.2.9 and 3.1.12
Reported by: Brendan Cox
Workaround: Disable portfolios until the fix is applied. Portfolios are disabled by default in Moodle.
CVE identifier: CVE-2018-1135
Changes
More info:
https://moodle.org/mod/forum/discuss.php?d=371201&parent=1496355