10 - USN-791-1

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Summary
Title	Moodle vulnerabilities

Informations
Name	USN-791-1	First vendor Publication	2009-06-24
Vendor	Ubuntu	Last vendor Modification	2009-06-24
Severity (Vendor)	N/A	Revision	N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score	10	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS Ubuntu 8.10

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
moodle 1.8.2-1ubuntu4.2

Ubuntu 8.10:
moodle 1.8.2-1.2ubuntu2.1

After a standard system upgrade you need to access the Moodle instance and accept the database update to clear any invalid cached data.

Details follow:

Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. (CVE-2007-3215)

Nigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. (CVE-2008-4796, MSA-09-0003)

It was discovered that Smarty (also included in Moodle), did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. (CVE-2008-4810, CVE-2008-4811, CVE-2009-1669)

It was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. (CVE-2008-5153)

Mike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting (XSS), which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5432, MSA-08-0022)

It was discovered that the HTML sanitizer, "Login as" feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. (CVE-2008-5619, CVE-2009-0500, CVE-2009-0502, MSA-08-0026, MSA-09-0004, MSA-09-0007)

It was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (CVE-2008-6124, MSA-08-0010)

Kevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user's configurations or forum content. (CVE-2009-0499, MSA-09-0008, MSA-08-0023)

Daniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. (CVE-2009-0501, MSA-09-0006)

Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. (CVE-2009-1171, MSA-09-0009)

Johannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. (MSA-08-0003)

Hanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. (MSA-08-0004)

Debbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. (MSA-08-0015, MSA-09-0001, MSA-09-0002)

Lars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MSA-08-0021)

It was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. (MDL-9288, MDL-11759, MDL-12079, MDL-12793, MDL-14806)

It was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. (MDL-11857)

Original Source

Url : http://www.ubuntu.com/usn/USN-791-1

CAPEC : Common Attack Pattern Enumeration & Classification

Id	Name
CAPEC-6	Argument Injection
CAPEC-15	Command Delimiters
CAPEC-43	Exploiting Multiple Input Interpretation Layers
CAPEC-88	OS Command Injection
CAPEC-108	Command Line Execution through SQL Injection

CWE : Common Weakness Enumeration

%	Id	Name
25 %	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
17 %	CWE-94	Failure to Control Generation of Code ('Code Injection')
17 %	CWE-20	Improper Input Validation
8 %	CWE-352	Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
8 %	CWE-264	Permissions, Privileges, and Access Controls
8 %	CWE-89	Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
8 %	CWE-78	Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)
8 %	CWE-59	Improper Link Resolution Before File Access ('Link Following')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13108

Oval ID:	oval:org.mitre.oval:def:13108
Title:	DSA-1919-1 smarty -- several
Description:	Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669 The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. For the old stable distribution, these problems have been fixed in version 2.6.14-1etch2. For the stable distribution, these problems have been fixed in version 2.6.20-1.2. For the unstable distribution, these problems will be fixed soon. We recommend that you upgrade your smarty package.
Family:	unix	Class:	patch
Reference(s):	DSA-1919-1 CVE-2008-4810 CVE-2009-1669	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	smarty
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND smarty DPKG is earlier than 2.6.20-1.2 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND smarty DPKG is earlier than 2.6.14-1etch2

Definition Id: oval:org.mitre.oval:def:13316

Oval ID:	oval:org.mitre.oval:def:13316
Title:	USN-791-2 -- moodle vulnerability
Description:	Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy
Family:	unix	Class:	patch
Reference(s):	USN-791-2 CVE-2009-1171	Version:	5
Platform(s):	Ubuntu 9.04	Product(s):	moodle
Definition Synopsis:
Ubuntu 9.04 is installed AND Installed architecture is all AND moodle DPKG is earlier than 1.9.4.dfsg-0ubuntu1.1

Definition Id: oval:org.mitre.oval:def:13560

Oval ID:	oval:org.mitre.oval:def:13560
Title:	DSA-1919-2 smarty -- several
Description:	A regression was found in the patch applied in DSA 1919-1 to smarty, which caused compilation failures on some specific templates. This update corrects the fix. For reference, the full advisory text below. Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-4810 The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. CVE-2009-1669 The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. For the stable distribution, this problem has been fixed in version 2.6.20-1.3. The testing and unstable distribution are not affected by this regression. We recommend that you upgrade your smarty package.
Family:	unix	Class:	patch
Reference(s):	DSA-1919-2 CVE-2008-4810 CVE-2009-1669	Version:	5
Platform(s):	Debian GNU/Linux 5.0	Product(s):	smarty
Definition Synopsis:
Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND smarty DPKG is earlier than 2.6.20-1.3

Definition Id: oval:org.mitre.oval:def:13572

Oval ID:	oval:org.mitre.oval:def:13572
Title:	DSA-1724-1 moodle -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-0500 It was discovered that the information stored in the log tables was not properly sanitised, which could allow attackers to inject arbitrary web code. CVE-2009-0502 It was discovered that certain input via the "Login as" function was not properly sanitised leading to the injection of arbitrary web script. CVE-2008-5153 Dmitry E. Oboukhov discovered that the SpellCheker plugin creates temporary files insecurely, allowing a denial of service attack. Since the plugin was unused, it is removed in this update. For the stable distribution these problems have been fixed in version 1.6.3-2+etch2. For the testing distribution these problems have been fixed in version 1.8.2.dfsg-3+lenny1. For the unstable distribution these problems have been fixed in version 1.8.2.dfsg-4. We recommend that you upgrade your moodle package.
Family:	unix	Class:	patch
Reference(s):	DSA-1724-1 CVE-2009-0500 CVE-2009-0502 CVE-2008-5153	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	moodle
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND moodle DPKG is earlier than 1.6.3-2+etch2

Definition Id: oval:org.mitre.oval:def:13687

Oval ID:	oval:org.mitre.oval:def:13687
Title:	USN-791-1 -- moodle vulnerabilities
Description:	Thor Larholm discovered that PHPMailer, as used by Moodle, did not correctly escape email addresses. A local attacker with direct access to the Moodle database could exploit this to execute arbitrary commands as the web server user. Nigel McNie discovered that fetching https URLs did not correctly escape shell meta-characters. An authenticated remote attacker could execute arbitrary commands as the web server user, if curl was installed and configured. It was discovered that Smarty, did not correctly filter certain inputs. An authenticated remote attacker could exploit this to execute arbitrary PHP commands as the web server user. It was discovered that the unused SpellChecker extension in Moodle did not correctly handle temporary files. If the tool had been locally modified, it could be made to overwrite arbitrary local files via symlinks. Mike Churchward discovered that Moodle did not correctly filter Wiki page titles in certain areas. An authenticated remote attacker could exploit this to cause cross-site scripting, which could be used to modify or steal confidential data of other users within the same web domain. It was discovered that the HTML sanitizer, "Login as" feature, and logging in Moodle did not correctly handle certain inputs. An authenticated remote attacker could exploit this to generate XSS, which could be used to modify or steal confidential data of other users within the same web domain. It was discovered that the HotPot module in Moodle did not correctly filter SQL inputs. An authenticated remote attacker could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service. Kevin Madura discovered that the forum actions and messaging settings in Moodle were not protected from cross-site request forgery. If an authenticated user were tricked into visiting a malicious website while logged into Moodle, a remote attacker could change the user�s configurations or forum content. Daniel Cabezas discovered that Moodle would leak usernames from the Calendar Export tool. A remote attacker could gather a list of users, leading to a loss of privacy. Christian Eibl discovered that the TeX filter in Moodle allowed any function to be used. An authenticated remote attacker could post a specially crafted TeX formula to execute arbitrary TeX functions, potentially reading any file accessible to the web server user, leading to a loss of privacy. Johannes Kuhn discovered that Moodle did not correctly validate user permissions when attempting to switch user accounts. An authenticated remote attacker could switch to any other Moodle user, leading to a loss of privacy. Hanno Boeck discovered that unconfigured Moodle instances contained XSS vulnerabilities. An unauthenticated remote attacker could exploit this to modify or steal confidential data of other users within the same web domain. Debbie McDonald, Mauno Korpelainen, Howard Miller, and Juan Segarra Montesinos discovered that when users were deleted from Moodle, their profiles and avatars were still visible. An authenticated remote attacker could exploit this to store information in profiles even after they were removed, leading to spam traffic. Lars Vogdt discovered that Moodle did not correctly filter certain inputs. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. It was discovered that Moodle did not correctly filter inputs for group creation, mnet, essay question, HOST param, wiki param, and others. An authenticated remote attacker could exploit this to generate XSS from which they could modify or steal confidential data of other users within the same web domain. It was discovered that Moodle did not correctly filter SQL inputs when performing a restore. An attacker authenticated as a Moodle administrator could execute arbitrary SQL commands as the moodle database user, leading to a loss of privacy or denial of service
Family:	unix	Class:	patch
Reference(s):	USN-791-1 CVE-2007-3215 CVE-2008-4796 CVE-2008-4810 CVE-2008-4811 CVE-2009-1669 CVE-2008-5153 CVE-2008-5432 CVE-2008-5619 CVE-2009-0500 CVE-2009-0502 CVE-2008-6124 CVE-2009-0499 CVE-2009-0501 CVE-2009-1171	Version:	5
Platform(s):	Ubuntu 8.10 Ubuntu 8.04	Product(s):	moodle
Definition Synopsis:
Release section Ubuntu 8.10 is installed AND Installed architecture is all AND moodle DPKG is earlier than 1.8.2-1.2ubuntu2.1 OR Release section Ubuntu 8.04 is installed AND Installed architecture is all AND moodle DPKG is earlier than 1.8.2-1ubuntu4.2

Definition Id: oval:org.mitre.oval:def:13700

Oval ID:	oval:org.mitre.oval:def:13700
Title:	DSA-1761-1 moodle -- missing input sanitisation
Description:	Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn’t check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn’t affect installations that only use the mimetex environment. For the oldstable distribution, this problem has been fixed in version 1.6.3-2+etch3. For the stable distribution, this problem has been fixed in version 1.8.2.dfsg-3+lenny2. For the testing distribution, this problem will be fixed soon. For the unstable distribution, this problem has been fixed in version 1.8.2.dfsg-5. We recommend that you upgrade your moodle packages.
Family:	unix	Class:	patch
Reference(s):	DSA-1761-1 CVE-2009-1171	Version:	5
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	moodle
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND moodle DPKG is earlier than 1.8.2.dfsg-3+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND moodle DPKG is earlier than 1.6.3-2+etch3

Definition Id: oval:org.mitre.oval:def:13807

Oval ID:	oval:org.mitre.oval:def:13807
Title:	USN-791-3 -- smarty vulnerability
Description:	It was discovered that Smarty did not correctly filter certain math inputs. A remote attacker using Smarty via a web service could exploit this to execute subsets of shell commands as the web server user.
Family:	unix	Class:	patch
Reference(s):	USN-791-3 CVE-2009-1669	Version:	5
Platform(s):	Ubuntu 9.04	Product(s):	smarty
Definition Synopsis:
Ubuntu 9.04 is installed AND Installed architecture is all AND smarty DPKG is earlier than 2.6.22-1ubuntu1.1

Definition Id: oval:org.mitre.oval:def:20060

Oval ID:	oval:org.mitre.oval:def:20060
Title:	DSA-1691-1 moodle - several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution.
Family:	unix	Class:	patch
Reference(s):	DSA-1691-1 CVE-2007-3555 CVE-2008-1502 CVE-2008-3325 CVE-2008-3326 CVE-2008-4796 CVE-2008-4810 CVE-2008-4811 CVE-2008-5432	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	moodle
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND moodle DPKG is earlier than 0:1.6.3-2+etch1

Definition Id: oval:org.mitre.oval:def:20428

Oval ID:	oval:org.mitre.oval:def:20428
Title:	DSA-1315-1 libphp-phpmailer
Description:	Thor Larholm discovered that libphp-phpmailer, an email transfer class for PHP, performs insufficient input validition if configured to use Sendmail. This allows the execution of arbitrary shell commands.
Family:	unix	Class:	patch
Reference(s):	DSA-1315-1 CVE-2007-3215	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	libphp-phpmailer
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND libphp-phpmailer DPKG is earlier than 0:1.73-2etch1

Definition Id: oval:org.mitre.oval:def:7911

Oval ID:	oval:org.mitre.oval:def:7911
Title:	DSA-1919 smarty -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in Smarty, a PHP templating engine. The Common Vulnerabilities and Exposures project identifies the following problems: The _expand_quoted_text function allows for certain restrictions in templates, like function calling and PHP execution, to be bypassed. The smarty_function_math function allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function.
Family:	unix	Class:	patch
Reference(s):	DSA-1919 CVE-2008-4810 CVE-2009-1669	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	smarty
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND smarty is earlier than 2.6.20-1.2 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND smarty is earlier than 2.6.14-1etch2

Definition Id: oval:org.mitre.oval:def:7916

Oval ID:	oval:org.mitre.oval:def:7916
Title:	DSA-1761 moodle -- missing input sanitisation
Description:	Christian J. Eibl discovered that the TeX filter of Moodle, a web-based course management system, doesn't check user input for certain TeX commands which allows an attacker to include and display the content of arbitrary system files. Note that this doesn't affect installations that only use the mimetex environment.
Family:	unix	Class:	patch
Reference(s):	DSA-1761 CVE-2009-1171	Version:	3
Platform(s):	Debian GNU/Linux 5.0 Debian GNU/Linux 4.0	Product(s):	moodle
Definition Synopsis:
Release section Debian GNU/Linux 5.0 is installed AND Installed architecture is all AND moodle is earlier than 1.8.2.dfsg-3+lenny2 OR Release section Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND moodle is earlier than 1.6.3-2+etch3

Definition Id: oval:org.mitre.oval:def:7939

Oval ID:	oval:org.mitre.oval:def:7939
Title:	DSA-1691 moodle -- several vulnerabilities
Description:	Several remote vulnerabilities have been discovered in Moodle, an online course management system. The following issues are addressed in this update, ranging from cross site scripting to remote code execution. Various cross site scripting issues in the Moodle codebase (CVE-2008-3326, CVE-2008-3325, CVE-2007-3555, CVE-2008-5432, MSA-08-0021, MDL-8849, MDL-12793, MDL-11414, MDL-14806, MDL-10276). Various cross site request forgery issues in the Moodle codebase (CVE-2008-3325, MSA-08-0023). Privilege escalation bugs in the Moodle codebase (MSA-08-0001, MDL-7755). SQL injection issue in the hotpot module (MSA-08-0010). An embedded copy of Smarty had several vulnerabilities (CVE-2008-4811, CVE-2008-4810). An embedded copy of Snoopy was vulnerable to cross site scripting (CVE-2008-4796). An embedded copy of Kses was vulnerable to cross site scripting (CVE-2008-1502).
Family:	unix	Class:	patch
Reference(s):	DSA-1691 CVE-2007-3555 CVE-2008-1502 CVE-2008-3325 CVE-2008-3326 CVE-2008-4796 CVE-2008-4810 CVE-2008-4811 CVE-2008-5432	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	moodle
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND moodle is earlier than 1.6.3-2+etch1

Definition Id: oval:org.mitre.oval:def:8102

Oval ID:	oval:org.mitre.oval:def:8102
Title:	DSA-1724 moodle -- several vulnerabilities
Description:	Several vulnerabilities have been discovered in Moodle, an online course management system. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered that the information stored in the log tables was not properly sanitised, which could allow attackers to inject arbitrary web code. It was discovered that certain input via the "Login as" function was not properly sanitised leading to the injection of arbitrary web script. Dmitry E. Oboukhov discovered that the SpellCheker plugin creates temporary files insecurely, allowing a denial of service attack. Since the plugin was unused, it is removed in this update.
Family:	unix	Class:	patch
Reference(s):	DSA-1724 CVE-2009-0500 CVE-2009-0502 CVE-2008-5153	Version:	3
Platform(s):	Debian GNU/Linux 4.0	Product(s):	moodle
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND Installed architecture is all AND moodle is earlier than 1.6.3-2+etch2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Moodle cpe:2.3:a:moodle:moodle:1.9.4:::::::* cpe:2.3:a:moodle:moodle:1.9.3:::::::* cpe:2.3:a:moodle:moodle:1.9.2:::::::* cpe:2.3:a:moodle:moodle:1.9.1:::::::* cpe:2.3:a:moodle:moodle:1.9.0:::::::* cpe:2.3:a:moodle:moodle:1.8.9:::::::* cpe:2.3:a:moodle:moodle:1.8.8:::::::* cpe:2.3:a:moodle:moodle:1.8.7:::::::* cpe:2.3:a:moodle:moodle:1.8.6:::::::* cpe:2.3:a:moodle:moodle:1.8.5:::::::* cpe:2.3:a:moodle:moodle:1.8.4:::::::* cpe:2.3:a:moodle:moodle:1.8.3:::::::* cpe:2.3:a:moodle:moodle:1.8.2:::::::* cpe:2.3:a:moodle:moodle:1.8.14:::::::* cpe:2.3:a:moodle:moodle:1.8.13:::::::* cpe:2.3:a:moodle:moodle:1.8.12:::::::* cpe:2.3:a:moodle:moodle:1.8.11:::::::* cpe:2.3:a:moodle:moodle:1.8.10:::::::* cpe:2.3:a:moodle:moodle:1.8.1:::::::* cpe:2.3:a:moodle:moodle:1.8.0:::::::* cpe:2.3:a:moodle:moodle:1.7.6:::::::* cpe:2.3:a:moodle:moodle:1.7.5:::::::* cpe:2.3:a:moodle:moodle:1.7.4:::::::* cpe:2.3:a:moodle:moodle:1.7.3:::::::* cpe:2.3:a:moodle:moodle:1.7.2:::::::* cpe:2.3:a:moodle:moodle:1.7.1:::::::* cpe:2.3:a:moodle:moodle:1.7.0:::::::* cpe:2.3:a:moodle:moodle:1.6.8:::::::* cpe:2.3:a:moodle:moodle:1.6.7:::::::* cpe:2.3:a:moodle:moodle:1.6.6:::::::* cpe:2.3:a:moodle:moodle:1.6.5:::::::* cpe:2.3:a:moodle:moodle:1.6.4:::::::* cpe:2.3:a:moodle:moodle:1.6.3:::::::* cpe:2.3:a:moodle:moodle:1.6.2:::::::* cpe:2.3:a:moodle:moodle:1.6.1:::::::* cpe:2.3:a:moodle:moodle:1.6.0:::::::* cpe:2.3:a:moodle:moodle:1.5.3:::::::* cpe:2.3:a:moodle:moodle:1.5.2:::::::* cpe:2.3:a:moodle:moodle:1.5.1:::::::* cpe:2.3:a:moodle:moodle:1.5.0:-:::::: cpe:2.3:a:moodle:moodle:1.5.0:beta:::::: cpe:2.3:a:moodle:moodle:1.5_beta:::::::* cpe:2.3:a:moodle:moodle:1.4.5:::::::* cpe:2.3:a:moodle:moodle:1.4.4:::::::* cpe:2.3:a:moodle:moodle:1.4.3:::::::* cpe:2.3:a:moodle:moodle:1.4.2:::::::* cpe:2.3:a:moodle:moodle:1.4.1:::::::* cpe:2.3:a:moodle:moodle:1.3.4:::::::* cpe:2.3:a:moodle:moodle:1.3.3:::::::* cpe:2.3:a:moodle:moodle:1.3.2:::::::* cpe:2.3:a:moodle:moodle:1.3.1:::::::* cpe:2.3:a:moodle:moodle:1.3.0:::::::* cpe:2.3:a:moodle:moodle:1.2.1:::::::* cpe:2.3:a:moodle:moodle:1.2.0:::::::* cpe:2.3:a:moodle:moodle:1.1.1:::::::* cpe:2.3:a:moodle:moodle::::::::	56
Application	Nagios cpe:2.3:a:nagios:nagios:4.2.1:::::::* cpe:2.3:a:nagios:nagios:4.2.0:::::::* cpe:2.3:a:nagios:nagios:4.0.2:::::::* cpe:2.3:a:nagios:nagios:4.0.0:beta1:::::: cpe:2.3:a:nagios:nagios:4.0.0:beta2:::::: cpe:2.3:a:nagios:nagios:4.0.0:beta3:::::: cpe:2.3:a:nagios:nagios:4.0.0:beta4:::::: cpe:2.3:a:nagios:nagios:3.5.1:::::::* cpe:2.3:a:nagios:nagios:3.5.0:::::::* cpe:2.3:a:nagios:nagios:3.4.4:::::::* cpe:2.3:a:nagios:nagios:3.4.3:::::::* cpe:2.3:a:nagios:nagios:3.4.2:::::::* cpe:2.3:a:nagios:nagios:3.4.1:::::::* cpe:2.3:a:nagios:nagios:3.4.0:::::::* cpe:2.3:a:nagios:nagios:3.3.1:::::::* cpe:2.3:a:nagios:nagios:3.2.3:::::::* cpe:2.3:a:nagios:nagios:3.2.2:::::::* cpe:2.3:a:nagios:nagios:3.2.1:::::::* cpe:2.3:a:nagios:nagios:3.2.0:::::::* cpe:2.3:a:nagios:nagios:3.1.2:::::::* cpe:2.3:a:nagios:nagios:3.1.1:::::::* cpe:2.3:a:nagios:nagios:3.1.0:::::::* cpe:2.3:a:nagios:nagios:3.0.6:::::::* cpe:2.3:a:nagios:nagios:3.0.5:::::::* cpe:2.3:a:nagios:nagios:3.0.4:::::::* cpe:2.3:a:nagios:nagios:3.0.3:::::::* cpe:2.3:a:nagios:nagios:3.0.2:::::::* cpe:2.3:a:nagios:nagios:3.0.1:::::::* cpe:2.3:a:nagios:nagios:3.0:beta3:::::: cpe:2.3:a:nagios:nagios:3.0:beta6:::::: cpe:2.3:a:nagios:nagios:3.0:rc2:::::: cpe:2.3:a:nagios:nagios:3.0:alpha1:::::: cpe:2.3:a:nagios:nagios:3.0:alpha4:::::: cpe:2.3:a:nagios:nagios:3.0:alpha3:::::: cpe:2.3:a:nagios:nagios:3.0:::::::* cpe:2.3:a:nagios:nagios:3.0:rc3:::::: cpe:2.3:a:nagios:nagios:3.0:beta1:::::: cpe:2.3:a:nagios:nagios:3.0:beta2:::::: cpe:2.3:a:nagios:nagios:3.0:alpha2:::::: cpe:2.3:a:nagios:nagios:3.0:beta7:::::: cpe:2.3:a:nagios:nagios:3.0:rc1:::::: cpe:2.3:a:nagios:nagios:3.0:beta5:::::: cpe:2.3:a:nagios:nagios:3.0:beta4:::::: cpe:2.3:a:nagios:nagios:3.0:alpha5:::::: cpe:2.3:a:nagios:nagios:2.9:::::::* cpe:2.3:a:nagios:nagios:2.8:::::::* cpe:2.3:a:nagios:nagios:2.7:::::::* cpe:2.3:a:nagios:nagios:2.5:::::::* cpe:2.3:a:nagios:nagios:2.4:::::::* cpe:2.3:a:nagios:nagios:2.3.1:::::::* cpe:2.3:a:nagios:nagios:2.3:::::::* cpe:2.3:a:nagios:nagios:2.2:::::::* cpe:2.3:a:nagios:nagios:2.11:::::::* cpe:2.3:a:nagios:nagios:2.10:::::::* cpe:2.3:a:nagios:nagios:2.1.3:::::::* cpe:2.3:a:nagios:nagios:2.1:::::::* cpe:2.3:a:nagios:nagios:2.0rc2:::::::* cpe:2.3:a:nagios:nagios:2.0rc1:::::::* cpe:2.3:a:nagios:nagios:2.0b6:::::::* cpe:2.3:a:nagios:nagios:2.0b5:::::::* cpe:2.3:a:nagios:nagios:2.0b4:::::::* cpe:2.3:a:nagios:nagios:2.0b3:::::::* cpe:2.3:a:nagios:nagios:2.0b2:::::::* cpe:2.3:a:nagios:nagios:2.0b1:::::::* cpe:2.3:a:nagios:nagios:2.0.2:::::::* cpe:2.3:a:nagios:nagios:2.0.1:::::::* cpe:2.3:a:nagios:nagios:2.0:::::::* cpe:2.3:a:nagios:nagios:1.4.1:::::::* cpe:2.3:a:nagios:nagios:1.4:::::::* cpe:2.3:a:nagios:nagios:1.3:::::::* cpe:2.3:a:nagios:nagios:1.2:::::::* cpe:2.3:a:nagios:nagios:1.1:::::::* cpe:2.3:a:nagios:nagios:1.0b6:::::::* cpe:2.3:a:nagios:nagios:1.0b5:::::::* cpe:2.3:a:nagios:nagios:1.0b4:::::::* cpe:2.3:a:nagios:nagios:1.0b3:::::::* cpe:2.3:a:nagios:nagios:1.0b2:::::::* cpe:2.3:a:nagios:nagios:1.0b1:::::::* cpe:2.3:a:nagios:nagios:1.0_b3:::::::* cpe:2.3:a:nagios:nagios:1.0_b2:::::::* cpe:2.3:a:nagios:nagios:1.0_b1:::::::* cpe:2.3:a:nagios:nagios:1.0:::::::* cpe:2.3:a:nagios:nagios:::::::: cpe:2.3:a:nagios:nagios:-:::::::*	84
Application	Phpmailer cpe:2.3:a:phpmailer:phpmailer:1.73:::::::* cpe:2.3:a:phpmailer:phpmailer:1.7.3:::::::* cpe:2.3:a:phpmailer:phpmailer:1.7.2:::::::* cpe:2.3:a:phpmailer:phpmailer:1.7.1:::::::* cpe:2.3:a:phpmailer:phpmailer:1.7:::::::*	5
Application	Roundcube Webmail cpe:2.3:a:roundcube:webmail:0.2.3:beta:::::: cpe:2.3:a:roundcube:webmail:0.2.1:alpha::::::	2
Application	Smarty cpe:2.3:a:smarty:smarty:2.6.9:::::::* cpe:2.3:a:smarty:smarty:2.6.7:::::::* cpe:2.3:a:smarty:smarty:2.6.6:::::::* cpe:2.3:a:smarty:smarty:2.6.5:::::::* cpe:2.3:a:smarty:smarty:2.6.4:::::::* cpe:2.3:a:smarty:smarty:2.6.3:::::::* cpe:2.3:a:smarty:smarty:2.6.22:::::::* cpe:2.3:a:smarty:smarty:2.6.20:::::::* cpe:2.3:a:smarty:smarty:2.6.2:::::::* cpe:2.3:a:smarty:smarty:2.6.18:::::::* cpe:2.3:a:smarty:smarty:2.6.17:::::::* cpe:2.3:a:smarty:smarty:2.6.16:::::::* cpe:2.3:a:smarty:smarty:2.6.15:::::::* cpe:2.3:a:smarty:smarty:2.6.14:::::::* cpe:2.3:a:smarty:smarty:2.6.13:::::::* cpe:2.3:a:smarty:smarty:2.6.12:::::::* cpe:2.3:a:smarty:smarty:2.6.11:::::::* cpe:2.3:a:smarty:smarty:2.6.10:::::::* cpe:2.3:a:smarty:smarty:2.6.1:::::::* cpe:2.3:a:smarty:smarty:2.6.0:::::::* cpe:2.3:a:smarty:smarty:2.6.0:rc3:::::: cpe:2.3:a:smarty:smarty:2.6.0:rc2:::::: cpe:2.3:a:smarty:smarty:2.6.0:rc1:::::: cpe:2.3:a:smarty:smarty:2.5.0:::::::* cpe:2.3:a:smarty:smarty:2.5.0:rc1:::::: cpe:2.3:a:smarty:smarty:2.5.0:rc2:::::: cpe:2.3:a:smarty:smarty:2.4.2:::::::* cpe:2.3:a:smarty:smarty:2.4.1:::::::* cpe:2.3:a:smarty:smarty:2.4.0:::::::* cpe:2.3:a:smarty:smarty:2.3.1:::::::* cpe:2.3:a:smarty:smarty:2.3.0:::::::* cpe:2.3:a:smarty:smarty:2.2.0:::::::* cpe:2.3:a:smarty:smarty:2.1.1:::::::* cpe:2.3:a:smarty:smarty:2.1.0:::::::* cpe:2.3:a:smarty:smarty:2.0.1:::::::* cpe:2.3:a:smarty:smarty:2.0.0:::::::* cpe:2.3:a:smarty:smarty:1.5.2:::::::* cpe:2.3:a:smarty:smarty:1.5.1:::::::* cpe:2.3:a:smarty:smarty:1.5.0:::::::* cpe:2.3:a:smarty:smarty:1.4.6:::::::* cpe:2.3:a:smarty:smarty:1.4.5:::::::* cpe:2.3:a:smarty:smarty:1.4.4:::::::* cpe:2.3:a:smarty:smarty:1.4.3:::::::* cpe:2.3:a:smarty:smarty:1.4.2:::::::* cpe:2.3:a:smarty:smarty:1.4.1:::::::* cpe:2.3:a:smarty:smarty:1.4.0:::::::* cpe:2.3:a:smarty:smarty:1.4.0:b1:::::: cpe:2.3:a:smarty:smarty:1.4.0:b2:::::: cpe:2.3:a:smarty:smarty:1.3.2:::::::* cpe:2.3:a:smarty:smarty:1.3.1:::::::* cpe:2.3:a:smarty:smarty:1.3.0:::::::* cpe:2.3:a:smarty:smarty:1.2.2:::::::* cpe:2.3:a:smarty:smarty:1.2.1:::::::* cpe:2.3:a:smarty:smarty:1.2.0:::::::* cpe:2.3:a:smarty:smarty:1.1.0:::::::* cpe:2.3:a:smarty:smarty:1.0b:::::::* cpe:2.3:a:smarty:smarty:1.0a:::::::* cpe:2.3:a:smarty:smarty:1.0:::::::* cpe:2.3:a:smarty:smarty::::::::	59
Application	Snoopy cpe:2.3:a:snoopy:snoopy:1.2.3:::::::*	1
Application	Wordpress cpe:2.3:a:wordpress:wordpress:2.6.2:::::::* cpe:2.3:a:wordpress:wordpress:2.6.1:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.6.1:beta2:::::: cpe:2.3:a:wordpress:wordpress:2.6.1:-:::::: cpe:2.3:a:wordpress:wordpress:2.6:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.6:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.6:beta2:::::: cpe:2.3:a:wordpress:wordpress:2.6:beta3:::::: cpe:2.3:a:wordpress:wordpress:2.6:-:::::: cpe:2.3:a:wordpress:wordpress:2.5.1:::::::* cpe:2.3:a:wordpress:wordpress:2.5:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.5:rc3:::::: cpe:2.3:a:wordpress:wordpress:2.5:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.5:-:::::: cpe:2.3:a:wordpress:wordpress:2.3.3:::::::* cpe:2.3:a:wordpress:wordpress:2.3.2:beta2:::::: cpe:2.3:a:wordpress:wordpress:2.3.2:beta:::::: cpe:2.3:a:wordpress:wordpress:2.3.2:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.3.2:beta3:::::: cpe:2.3:a:wordpress:wordpress:2.3.2:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.3.2:-:::::: cpe:2.3:a:wordpress:wordpress:2.3.1:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.3.1:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.3.1:-:::::: cpe:2.3:a:wordpress:wordpress:2.3:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.3:beta3:::::: cpe:2.3:a:wordpress:wordpress:2.3:beta2:::::: cpe:2.3:a:wordpress:wordpress:2.3:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.3:-:::::: cpe:2.3:a:wordpress:wordpress:2.2.3:::::::* cpe:2.3:a:wordpress:wordpress:2.2.2:::::::* cpe:2.3:a:wordpress:wordpress:2.2.1:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.2.1:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.2.1:-:::::: cpe:2.3:a:wordpress:wordpress:2.2.0:::::::* cpe:2.3:a:wordpress:wordpress:2.2_revision5003:::::::* cpe:2.3:a:wordpress:wordpress:2.2_revision5002:::::::* cpe:2.3:a:wordpress:wordpress:2.2:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.2::revision5003::::: cpe:2.3:a:wordpress:wordpress:2.2:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.2::revision5002::::: cpe:2.3:a:wordpress:wordpress:2.2:-:::::: cpe:2.3:a:wordpress:wordpress:2.1.3_rc2:::::::* cpe:2.3:a:wordpress:wordpress:2.1.3_rc1:::::::* cpe:2.3:a:wordpress:wordpress:2.1.3:rc3:::::: cpe:2.3:a:wordpress:wordpress:2.1.3:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.1.3:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.1.3:-:::::: cpe:2.3:a:wordpress:wordpress:2.1.2:::::::* cpe:2.3:a:wordpress:wordpress:2.1.1beta:::::::* cpe:2.3:a:wordpress:wordpress:2.1.1:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.1.1:dangerous:::::: cpe:2.3:a:wordpress:wordpress:2.1.1:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.1.1:-:::::: cpe:2.3:a:wordpress:wordpress:2.1:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.1:beta3:::::: cpe:2.3:a:wordpress:wordpress:2.1:beta4:::::: cpe:2.3:a:wordpress:wordpress:2.1:alpha_3:::::: cpe:2.3:a:wordpress:wordpress:2.1:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.1:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.1:beta2:::::: cpe:2.3:a:wordpress:wordpress:2.1:ella:::::: cpe:2.3:a:wordpress:wordpress:2.1:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.9rc1:::::::* cpe:2.3:a:wordpress:wordpress:2.0.9:beta:::::: cpe:2.3:a:wordpress:wordpress:2.0.9:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.0.9:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0.9:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.8:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0.8:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.7:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.0.7:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0.7:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.6:beta:::::: cpe:2.3:a:wordpress:wordpress:2.0.6:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0.6:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.0.6:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.0.6:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.5:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0.5:beta:::::: cpe:2.3:a:wordpress:wordpress:2.0.5:ronan:::::: cpe:2.3:a:wordpress:wordpress:2.0.5:beta1:::::: cpe:2.3:a:wordpress:wordpress:2.0.5:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.4:::::::* cpe:2.3:a:wordpress:wordpress:2.0.3:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.2:::::::* cpe:2.3:a:wordpress:wordpress:2.0.11:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0.11:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.0.11:rc3:::::: cpe:2.3:a:wordpress:wordpress:2.0.11:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.10_rc2:::::::* cpe:2.3:a:wordpress:wordpress:2.0.10_rc1:::::::* cpe:2.3:a:wordpress:wordpress:2.0.10:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0.10:rc2:::::: cpe:2.3:a:wordpress:wordpress:2.0.10:rc3:::::: cpe:2.3:a:wordpress:wordpress:2.0.10:-:::::: cpe:2.3:a:wordpress:wordpress:2.0.1:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0.1:-:::::: cpe:2.3:a:wordpress:wordpress:2.0:rc1:::::: cpe:2.3:a:wordpress:wordpress:2.0:-:::::: cpe:2.3:a:wordpress:wordpress:1.6.2:::::::* cpe:2.3:a:wordpress:wordpress:1.6:::::::* cpe:2.3:a:wordpress:wordpress:1.5.2:::::::* cpe:2.3:a:wordpress:wordpress:1.5.1.3:::::::* cpe:2.3:a:wordpress:wordpress:1.5.1.2:::::::* cpe:2.3:a:wordpress:wordpress:1.5.1.1:::::::* cpe:2.3:a:wordpress:wordpress:1.5.1:::::::* cpe:2.3:a:wordpress:wordpress:1.5-strayhorn:::::::* cpe:2.3:a:wordpress:wordpress:1.5:::::::* cpe:2.3:a:wordpress:wordpress:1.5::strayhorn::::: cpe:2.3:a:wordpress:wordpress:1.4:::::::* cpe:2.3:a:wordpress:wordpress:1.3.3:::::::* cpe:2.3:a:wordpress:wordpress:1.3.2:::::::* cpe:2.3:a:wordpress:wordpress:1.3.1:::::::* cpe:2.3:a:wordpress:wordpress:1.3:::::::* cpe:2.3:a:wordpress:wordpress:1.2.5:a:::::: cpe:2.3:a:wordpress:wordpress:1.2.5:::::::* cpe:2.3:a:wordpress:wordpress:1.2.4:::::::* cpe:2.3:a:wordpress:wordpress:1.2.3:::::::* cpe:2.3:a:wordpress:wordpress:1.2.2:::::::* cpe:2.3:a:wordpress:wordpress:1.2.1:::::::* cpe:2.3:a:wordpress:wordpress:1.2-mingus:::::::* cpe:2.3:a:wordpress:wordpress:1.2-delta:::::::* cpe:2.3:a:wordpress:wordpress:1.2:delta:::::: cpe:2.3:a:wordpress:wordpress:1.2:rc2:::::: cpe:2.3:a:wordpress:wordpress:1.2:beta:::::: cpe:2.3:a:wordpress:wordpress:1.2::mingus::::: cpe:2.3:a:wordpress:wordpress:1.2:rc1:::::: cpe:2.3:a:wordpress:wordpress:1.2:-:::::: cpe:2.3:a:wordpress:wordpress:1.1.1:::::::* cpe:2.3:a:wordpress:wordpress:1.0.2-blakey:::::::* cpe:2.3:a:wordpress:wordpress:1.0.2:::::::* cpe:2.3:a:wordpress:wordpress:1.0.2::blakey::::: cpe:2.3:a:wordpress:wordpress:1.0.1-miles:::::::* cpe:2.3:a:wordpress:wordpress:1.0.1:rc1:::::: cpe:2.3:a:wordpress:wordpress:1.0.1::miles::::: cpe:2.3:a:wordpress:wordpress:1.0.1:miles:::::: cpe:2.3:a:wordpress:wordpress:1.0.1:-:::::: cpe:2.3:a:wordpress:wordpress:1.0-platinum:::::::* cpe:2.3:a:wordpress:wordpress:1.0:rc3:::::: cpe:2.3:a:wordpress:wordpress:1.0::platinum::::: cpe:2.3:a:wordpress:wordpress:1.0:rc4:::::: cpe:2.3:a:wordpress:wordpress:1.0:rc1:::::: cpe:2.3:a:wordpress:wordpress:1.0:rc2:::::: cpe:2.3:a:wordpress:wordpress:1.0:-:::::: cpe:2.3:a:wordpress:wordpress:0.72:::::::* cpe:2.3:a:wordpress:wordpress:0.72:::rc1:::: cpe:2.3:a:wordpress:wordpress:0.72:rc1:::::: cpe:2.3:a:wordpress:wordpress:0.72:beta2:::::: cpe:2.3:a:wordpress:wordpress:0.72:beta1:::::: cpe:2.3:a:wordpress:wordpress:0.72:::beta1:::: cpe:2.3:a:wordpress:wordpress:0.72:beta_1:::::: cpe:2.3:a:wordpress:wordpress:0.72:beta_2:::::: cpe:2.3:a:wordpress:wordpress:0.711:::::::* cpe:2.3:a:wordpress:wordpress:0.71-gold:::::::* cpe:2.3:a:wordpress:wordpress:0.71::gold::::: cpe:2.3:a:wordpress:wordpress:0.71:beta:::::: cpe:2.3:a:wordpress:wordpress:0.71:beta_3:::::: cpe:2.3:a:wordpress:wordpress:0.71:beta3:::::: cpe:2.3:a:wordpress:wordpress:0.71:-:::::: cpe:2.3:a:wordpress:wordpress:0.70:::::::* cpe:2.3:a:wordpress:wordpress:0.7:::::::* cpe:2.3:a:wordpress:wordpress:0.6.2.1:beta_2:::::: cpe:2.3:a:wordpress:wordpress:0.6.2.1:::::::* cpe:2.3:a:wordpress:wordpress:0.6.2:::::::* cpe:2.3:a:wordpress:wordpress:0.6.2:beta_2:::::: cpe:2.3:a:wordpress:wordpress:::::::: cpe:2.3:a:wordpress:wordpress:-:::::::*	168
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:5.0:::::::* cpe:2.3:o:debian:debian_linux:4.0:::::::*	2

ExploitDB Exploits

id	Description
2008-12-22	RoundCube Webmail <= 0.2b Remote Code Execution Exploit
2008-12-22	RoundCube Webmail <= 0.2-3 beta Code Execution Vulnerability

OpenVAS Exploits

Date	Description
2011-03-09	Name : Gentoo Security Advisory GLSA 201006-13 (smarty) File : nvt/glsa_201006_13.nasl
2010-08-21	Name : Debian Security Advisory DSA 1919-2 (smarty) File : nvt/deb_1919_2.nasl
2009-12-14	Name : Fedora Core 10 FEDORA-2009-13040 (moodle) File : nvt/fcore_2009_13040.nasl
2009-10-27	Name : Debian Security Advisory DSA 1919-1 (smarty) File : nvt/deb_1919_1.nasl
2009-09-02	Name : Debian Security Advisory DSA 1871-1 (wordpress) File : nvt/deb_1871_1.nasl
2009-09-02	Name : Debian Security Advisory DSA 1871-2 (wordpress) File : nvt/deb_1871_2.nasl
2009-06-30	Name : Ubuntu USN-791-3 (smarty) File : nvt/ubuntu_791_3.nasl
2009-06-30	Name : Ubuntu USN-791-2 (moodle) File : nvt/ubuntu_791_2.nasl
2009-06-30	Name : Ubuntu USN-791-1 (moodle) File : nvt/ubuntu_791_1.nasl
2009-06-05	Name : Fedora Core 11 FEDORA-2009-5520 (php-Smarty) File : nvt/fcore_2009_5520.nasl
2009-06-05	Name : Ubuntu USN-698-1 (nagios) File : nvt/ubuntu_698_1.nasl
2009-06-05	Name : Fedora Core 10 FEDORA-2009-5525 (php-Smarty) File : nvt/fcore_2009_5525.nasl
2009-06-05	Name : Fedora Core 9 FEDORA-2009-5516 (php-Smarty) File : nvt/fcore_2009_5516.nasl
2009-06-05	Name : Ubuntu USN-723-1 (git-core) File : nvt/ubuntu_723_1.nasl
2009-04-28	Name : SuSE Security Summary SUSE-SR:2009:009 File : nvt/suse_sr_2009_009.nasl
2009-04-06	Name : Fedora Core 9 FEDORA-2009-3283 (moodle) File : nvt/fcore_2009_3283.nasl
2009-04-06	Name : Fedora Core 10 FEDORA-2009-3280 (moodle) File : nvt/fcore_2009_3280.nasl
2009-04-06	Name : Debian Security Advisory DSA 1761-1 (moodle) File : nvt/deb_1761_1.nasl
2009-03-31	Name : SuSE Security Summary SUSE-SR:2009:007 File : nvt/suse_sr_2009_007.nasl
2009-03-03	Name : Moodle CMS Multiple Vulnerabilities File : nvt/gb_moodle_cms_mult_vuln.nasl
2009-03-02	Name : Mandrake Security Advisory MDVSA-2009:052 (php-smarty) File : nvt/mdksa_2009_052.nasl
2009-02-18	Name : Debian Security Advisory DSA 1724-1 (moodle) File : nvt/deb_1724_1.nasl
2009-02-18	Name : Fedora Core 10 FEDORA-2009-1699 (moodle) File : nvt/fcore_2009_1699.nasl
2009-02-17	Name : Fedora Update for wordpress FEDORA-2008-9257 File : nvt/gb_fedora_2008_9257_wordpress_fc9.nasl
2009-02-17	Name : Fedora Update for wordpress FEDORA-2008-9304 File : nvt/gb_fedora_2008_9304_wordpress_fc8.nasl
2009-02-17	Name : Fedora Update for php-Smarty FEDORA-2008-9401 File : nvt/gb_fedora_2008_9401_php-Smarty_fc8.nasl
2009-02-17	Name : Fedora Update for php-Smarty FEDORA-2008-9420 File : nvt/gb_fedora_2008_9420_php-Smarty_fc9.nasl
2009-02-17	Name : Fedora Update for moodle FEDORA-2008-9502 File : nvt/gb_fedora_2008_9502_moodle_fc8.nasl
2009-02-17	Name : Fedora Update for moodle FEDORA-2008-9508 File : nvt/gb_fedora_2008_9508_moodle_fc9.nasl
2009-02-17	Name : Fedora Update for moodle FEDORA-2008-9903 File : nvt/gb_fedora_2008_9903_moodle_fc10.nasl
2009-02-16	Name : Fedora Update for php-Smarty FEDORA-2008-10409 File : nvt/gb_fedora_2008_10409_php-Smarty_fc10.nasl
2009-02-13	Name : Fedora Update for roundcubemail FEDORA-2008-11234 File : nvt/gb_fedora_2008_11234_roundcubemail_fc9.nasl
2009-02-13	Name : Fedora Update for moodle FEDORA-2008-11577 File : nvt/gb_fedora_2008_11577_moodle_fc9.nasl
2009-02-13	Name : Fedora Update for moodle FEDORA-2008-11550 File : nvt/gb_fedora_2008_11550_moodle_fc10.nasl
2009-02-13	Name : Fedora Update for roundcubemail FEDORA-2008-11220 File : nvt/gb_fedora_2008_11220_roundcubemail_fc8.nasl
2009-02-13	Name : Fedora Core 9 FEDORA-2009-1641 (moodle) File : nvt/fcore_2009_1641.nasl
2009-02-02	Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl
2009-01-26	Name : Fedora Core 10 FEDORA-2009-0819 (moodle) File : nvt/fcore_2009_0819.nasl
2009-01-26	Name : Fedora Core 9 FEDORA-2009-0814 (moodle) File : nvt/fcore_2009_0814.nasl
2009-01-02	Name : FreeBSD Ports: roundcube File : nvt/freebsd_roundcube.nasl
2008-12-29	Name : Ubuntu USN-698-2 (nagios3) File : nvt/ubuntu_698_2.nasl
2008-12-29	Name : Ubuntu USN-699-1 (blender) File : nvt/ubuntu_699_1.nasl
2008-12-29	Name : Debian Security Advisory DSA 1691-1 (moodle) File : nvt/deb_1691_1.nasl
2008-11-01	Name : FreeBSD Ports: wordpress, de-wordpress, wordpress-mu File : nvt/freebsd_wordpress8.nasl
2008-01-17	Name : Debian Security Advisory DSA 1315-1 (libphp-phpmailer) File : nvt/deb_1315_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
76139	vTiger CRM cron/class.phpmailer.php phpmailer File Remote Command Execution
54380	Smarty libs/plugins/function.math.php smarty_function_math() Function Templat...
54088	Moodle w/ Snoopy blocks/html/block_html.php HTML Block XSS
54087	Moodle Calendar Export Feature Unspecified Issue
54086	Moodle course/lib.php Log Table Information XSS
54085	Moodle Forum post.php Unauthorized Post Deletion CSRF
53893	Mahara html2text HTML To Plain Text Conversion Arbitrary Code Execution
52998	Moodle TeX Notation Filter Arbitrary File Access
52467	HotPot Module for Moodle report.php hotpot_delete_selected_attempts Function ...
50694	RoundCube Webmail bin/html2text.php preg_replace Function Remote PHP Code Exe...
50627	Moodle Wiki Page Names Unspecified XSS
49987	Moodle spell-check-logic.cgi Multiple Temporary File Symlink Arbitrary File O... Moodle contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the spell-check-logic.cgi script creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
49943	Smarty libs/Smarty_Compiler.class.php _expand_quoted_text() Function Arbitrar...
49261	Snoopy _httpsrequest() Function Arbitrary Shell Command Injection
42516	Mambo Template Chooser Functionality Unspecified Issue
42515	Mambo Administrator Backend Unspecified XSS
37206	PHPMailer class.phpmailer.php SendmailSend Function Arbitrary Command Execution It is possible for an initiating script to set the Sender property to execute arbitrary commands because the SendmailSend() function in class.phpmailer.php is vulnerable to a shell command execution vulnerability due to a lack of input validation.

Nessus® Vulnerability Scanner

Date	Description
2017-10-04	Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2017-899.nasl - Type : ACT_GATHER_INFO
2017-02-21	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201702-26.nasl - Type : ACT_GATHER_INFO
2010-06-03	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-13.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1871.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1919.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_moodle-090417.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_1_moodle-090319.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_moodle-090417.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_moodle-090320.nasl - Type : ACT_GATHER_INFO
2009-07-21	Name : The remote openSUSE host is missing a security update. File : suse_11_0_moodle-090119.nasl - Type : ACT_GATHER_INFO
2009-06-25	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-791-3.nasl - Type : ACT_GATHER_INFO
2009-06-25	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-791-2.nasl - Type : ACT_GATHER_INFO
2009-06-25	Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-791-1.nasl - Type : ACT_GATHER_INFO
2009-05-28	Name : The remote Fedora host is missing a security update. File : fedora_2009-5516.nasl - Type : ACT_GATHER_INFO
2009-05-28	Name : The remote Fedora host is missing a security update. File : fedora_2009-5525.nasl - Type : ACT_GATHER_INFO
2009-05-28	Name : The remote Fedora host is missing a security update. File : fedora_2009-5520.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-0819.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-1699.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2009-3280.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2008-10409.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Fedora host is missing a security update. File : fedora_2008-9903.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2009-052.nasl - Type : ACT_GATHER_INFO
2009-04-21	Name : The remote openSUSE host is missing a security update. File : suse_moodle-6198.nasl - Type : ACT_GATHER_INFO
2009-04-06	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1761.nasl - Type : ACT_GATHER_INFO
2009-04-03	Name : The remote Fedora host is missing a security update. File : fedora_2009-3283.nasl - Type : ACT_GATHER_INFO
2009-03-30	Name : The remote web server contains a PHP application that is affected by an infor... File : moodle_latex_info_disclosure.nasl - Type : ACT_ATTACK
2009-03-24	Name : The remote openSUSE host is missing a security update. File : suse_moodle-6108.nasl - Type : ACT_GATHER_INFO
2009-02-27	Name : The remote web server contains a PHP application that is affected by a cross-... File : moodle_forum_csrf.nasl - Type : ACT_GATHER_INFO
2009-02-17	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1724.nasl - Type : ACT_GATHER_INFO
2009-02-13	Name : The remote Fedora host is missing a security update. File : fedora_2009-1641.nasl - Type : ACT_GATHER_INFO
2009-01-22	Name : The remote Fedora host is missing a security update. File : fedora_2009-0814.nasl - Type : ACT_GATHER_INFO
2009-01-22	Name : The remote openSUSE host is missing a security update. File : suse_moodle-5938.nasl - Type : ACT_GATHER_INFO
2009-01-02	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_8f483746d45d11dd84ec001fc66e7203.nasl - Type : ACT_GATHER_INFO
2008-12-26	Name : The remote web server contains a PHP script that allows execution of arbitrar... File : roundcube_html2text_cmd_exec.nasl - Type : ACT_ATTACK
2008-12-22	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1691.nasl - Type : ACT_GATHER_INFO
2008-12-15	Name : The remote Fedora host is missing a security update. File : fedora_2008-11220.nasl - Type : ACT_GATHER_INFO
2008-12-15	Name : The remote Fedora host is missing a security update. File : fedora_2008-11234.nasl - Type : ACT_GATHER_INFO
2008-11-09	Name : The remote Fedora host is missing a security update. File : fedora_2008-9502.nasl - Type : ACT_GATHER_INFO
2008-11-09	Name : The remote Fedora host is missing a security update. File : fedora_2008-9508.nasl - Type : ACT_GATHER_INFO
2008-11-07	Name : The remote Fedora host is missing a security update. File : fedora_2008-9257.nasl - Type : ACT_GATHER_INFO
2008-11-07	Name : The remote Fedora host is missing a security update. File : fedora_2008-9304.nasl - Type : ACT_GATHER_INFO
2008-11-07	Name : The remote Fedora host is missing a security update. File : fedora_2008-9401.nasl - Type : ACT_GATHER_INFO
2008-11-07	Name : The remote Fedora host is missing a security update. File : fedora_2008-9420.nasl - Type : ACT_GATHER_INFO
2008-10-27	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3a4a3e9ca1fe11dd81be001c2514716c.nasl - Type : ACT_GATHER_INFO
2007-06-27	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1315.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 12:06:02	Multiple Updates

Global Informations

Type	Count
Capec ID(s)	5
CWE ID(s)	13
Oval ID(s)	13
CPE ID(s)	377
osvdb(s)	17
ExploitDB Exploit(s)	2
Openvas Exploit(s)	45
Nessus® Exploit(s)	45

	Related
10	CVE-2009-1669
10	CVE-2008-5619
10	CVE-2008-4796
7.5	CVE-2008-6124
7.5	CVE-2008-4811
7.5	CVE-2008-4810
6.9	CVE-2008-5153
6.8	CVE-2007-3215
6.4	CVE-2009-0499
5	CVE-2009-0501
4.3	CVE-2009-1171
4.3	CVE-2009-0502
4.3	CVE-2009-0500
4.3	CVE-2008-5432
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 14 more Alert(s)