CVE-2008-1502

Related Files

Mandriva Linux Security Advisory 2009-265

Posted Oct 12, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-265 - The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. This update fixes this vulnerability.

tags | advisory, remote, php, protocol, xss

systems | linux, mandriva

advisories | CVE-2008-1502

SHA-256 | 36a689eb68f1cedd3c16715e45a27e48b89433e55d508e9574667141eb5eb607

Download | Favorite | View

Debian Linux Security Advisory 1871-2

Posted Aug 27, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1871-2 - The previous wordpress update introduced a regression when fixing CVE-2008-4769 due to a function that was not backported with the patch. Please note that this regression only affects the oldstable distribution (etch).

tags | advisory

systems | linux, debian

advisories | CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2854, CVE-2009-2851, CVE-2009-2853, CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113

SHA-256 | 565a2e4f05dcf7aeeb6e8faf612d43fcbf48f13dfbd682a6ec3e14c0ad64284d

Download | Favorite | View

Debian Linux Security Advisory 1871-1

Posted Aug 24, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1871-1 - Several vulnerabilities have been discovered in wordpress, weblog manager.

tags | advisory, vulnerability

systems | linux, debian

advisories | CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2854, CVE-2009-2851, CVE-2009-2853, CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113

SHA-256 | 6af8225de9c2ad14b5d9a8665a5efa8f8b2bde9a73d41b32acb094faf63cf6c8

Download | Favorite | View

Debian Linux Security Advisory 1691-1

Posted Dec 30, 2008

Authored by Debian | Site debian.org

Debian Security Advisory 1691-1 - Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution.

tags | advisory, remote, vulnerability, code execution, xss

systems | linux, debian

advisories | CVE-2007-3555, CVE-2008-1502, CVE-2008-3325, CVE-2008-3326, CVE-2008-4796, CVE-2008-4810, CVE-2008-4811, CVE-2008-5432

SHA-256 | 157ae4c1f93c80363f5da2039e5008842435f365223797ef677fa7894c54dcf7

Download | Favorite | View

Ubuntu Security Notice 658-1

Posted Oct 23, 2008

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 658-1 - Lukasz Pilorz discovered that the HTML filtering used in Moodle was not strict enough. A remote attacker could send malicious requests to Moodle and execute arbitrary code as the web server user.

tags | advisory, remote, web, arbitrary

systems | linux, ubuntu

advisories | CVE-2008-1502, CVE-2008-1502

SHA-256 | 463dc3129946c8801ad3f53932d1e5663671a843966eb9ac13b16ae8d1ffe420

Download | Favorite | View

Gentoo Linux Security Advisory 200805-4

Posted May 8, 2008

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200805-04 - A vulnerability has been reported in FCKEditor due to the way that file uploads are handled in the file editor/filemanager/upload/php/upload.php when a filename has multiple file extensions (CVE-2008-2041). Another vulnerability exists in the _bad_protocol_once() function in the file phpgwapi/inc/class.kses.inc.php, which allows remote attackers to bypass HTML filtering (CVE-2008-1502). Versions less than 1.4.004 are affected.

tags | advisory, remote, php, file upload

systems | linux, gentoo

advisories | CVE-2008-1502, CVE-2008-2041

SHA-256 | 63852d21463be551da25c5039c1326ae79dcc6b1b3c3d0e17184432653a0e712

Download | Favorite | View