[VIM] Moodle <= 1.8.4 Remote Code Execution Exploit

George A. Theall theall at tenablesecurity.com
Fri Sep 5 16:37:15 UTC 2008

FYI, while looking into milw0rm 6356, I notice the underlying issue is  
in the KSES library it uses. The project addressed the issue earlier  
this year; eg,


SecurityFocus created BID 30995 for the issues covered by milw0rm  
6356, yet they also have BID 28599, which covers the code execution  
issue in KSES as well as a couple of other issues, so 30995 would seem  
to be a dup.

I only see one CVE associated with the earlier BID: CVE-2008-1502,  
which refers only to XSS attacks. Steve, is there another for the code  
execution the earlier BID notes?

theall at tenablesecurity.com

