Security Announcements

The easiest way to keep track of the recent security issues is to register your Moodle site with moodle.org so that your email address is added to the low-volume mailing list for important notifications such as security alerts. Otherwise, after release, all important security issues are published in this forum, which you can subscribe to (moodle.org account required), or follow moodlesecurity on Twitter.

Documentation: Security


Discussion | Started by | Replies | Last post
MSA-16-0026: When debugging is enabled, error exceptions returned from webservices could contain private data. | Marina Glancy | 0 | Marina Glancy, Mon, 21 Nov 2016, 11:51 AM
MSA-16-0025: Capability to view course notes is checked in the wrong context | Marina Glancy | 0 | Marina Glancy, Mon, 21 Nov 2016, 11:49 AM
MSA-16-0024: Non-admin site managers may accidentally edit admins via web services | Marina Glancy | 0 | Marina Glancy, Mon, 21 Nov 2016, 11:48 AM
MSA-16-0023: Question engine allows access to files that should not be available | Marina Glancy | 0 | Marina Glancy, Mon, 21 Nov 2016, 11:46 AM
MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed | Marina Glancy | 0 | Marina Glancy, Mon, 12 Sep 2016, 9:58 AM
MSA-16-0021: Unenrolled user still receives event monitor notifications even though they can no longer access course | Marina Glancy | 0 | Marina Glancy, Tue, 19 Jul 2016, 4:05 PM
MSA-16-0020: Text injection in email headers | Marina Glancy | 0 | Marina Glancy, Tue, 19 Jul 2016, 4:04 PM
MSA-16-0019: Glossary search displays entries without checking user permissions to view them | Marina Glancy | 0 | Marina Glancy, Tue, 19 Jul 2016, 4:04 PM
MSA-16-0018: CSRF in script marking forum posts as read | Marina Glancy | 0 | Marina Glancy, Wed, 18 May 2016, 5:18 PM
MSA-16-0017: Course idnumber not protected from teacher restore | Marina Glancy | 0 | Marina Glancy, Wed, 18 May 2016, 5:18 PM
MSA-16-0016: User can view badges of other users without proper permissions | Marina Glancy | 0 | Marina Glancy, Wed, 18 May 2016, 5:17 PM
MSA-16-0015: Information disclosure of hidden forum names and sub-names. | Marina Glancy | 0 | Marina Glancy, Wed, 18 May 2016, 5:17 PM
MSA-16-0014 | Marina Glancy | 0 | Marina Glancy, Tue, 17 May 2016, 1:57 PM
MSA-16-0013: Users are able to change profile fields that were locked by the administrator | Marina Glancy | 0 | Marina Glancy, Tue, 17 May 2016, 1:55 PM
MSA-16-0012: External function mod_assign_save_submission does not check due dates | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:14 PM
MSA-16-0011: Add no referrer to links with _blank target attribute | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:13 PM
MSA-16-0010: Enumeration of category details possible without authentication | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:12 PM
MSA-16-0009: CSRF in Assignment plugin management page | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:12 PM
MSA-16-0008: External function get_calendar_events return events that pertains to hidden activities | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:11 PM
MSA-16-0007: Non-Editing Instructor role can edit exclude checkbox in Single View | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:11 PM
MSA-16-0006: Hidden courses are shown to students in Event Monitor | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:10 PM
MSA-16-0005: Reflected XSS in mod_data advanced search | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:09 PM
MSA-16-0004: XSS from profile fields from external db | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:09 PM
MSA-16-0003: Incorrect capability check when displaying users emails in Participants list | Marina Glancy | 0 | Marina Glancy, Mon, 21 Mar 2016, 2:08 PM
MSA-16-0002: XSS Vulnerability in course management search | Marina Glancy | 0 | Marina Glancy, Mon, 18 Jan 2016, 11:50 AM
MSA-16-0001: Two enrolment-related web services don't check course visibility | Marina Glancy | 0 | Marina Glancy, Mon, 18 Jan 2016, 11:49 AM
MSA-15-0046: Choice module closing date can be bypassed | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:31 PM
MSA-15-0045: SCORM module allows to bypass access restrictions based on date | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:28 PM
MSA-15-0044: Capability to view available badges is not respected | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:27 PM
MSA-15-0043: Web service core_enrol_get_enrolled_users does not respect course group mode | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:25 PM
MSA-15-0042: CSRF in lesson login form | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:22 PM
MSA-15-0041: XSS in flash video player | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:21 PM
MSA-15-0040: Student XSS in survey | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:20 PM
MSA-15-0039: CSRF in site registration form | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:18 PM
MSA-15-0038: DDoS possibility in Atto | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:15 PM
MSA-15-0037: Possible to send a message to a user who blocked messages from non contacts | Marina Glancy | 0 | Marina Glancy, Mon, 16 Nov 2015, 12:14 PM
MSA-15-0036: XSS in grouping description | Marina Glancy | 0 | Marina Glancy, Mon, 21 Sep 2015, 9:46 AM
MSA-15-0035: Rating component does not check separate groups | Marina Glancy | 0 | Marina Glancy, Mon, 21 Sep 2015, 9:45 AM
MSA-15-0034: Vulnerability in password recovery mechanism | Marina Glancy | 0 | Marina Glancy, Mon, 21 Sep 2015, 9:44 AM
MSA-15-0033: Meta course synchronisation enrols suspended students as managers for a short period of time | Marina Glancy | 0 | Marina Glancy, Mon, 21 Sep 2015, 9:43 AM
MSA-15-0032: Users can delete files uploaded by other users in wiki | Marina Glancy | 0 | Marina Glancy, Mon, 21 Sep 2015, 9:42 AM
MSA-15-0031: Teacher in forum can still post to "all participants" and groups they are not members of | Marina Glancy | 0 | Marina Glancy, Mon, 21 Sep 2015, 9:38 AM
MSA-15-0030: Students can re-attempt answering questions in the lesson | Marina Glancy | 0 | Marina Glancy, Mon, 21 Sep 2015, 9:36 AM
MSA-15-0029: Javascript injection in SCORM module | Marina Glancy | 0 | Marina Glancy, Mon, 13 Jul 2015, 8:31 AM
MSA-15-0028: Possible XSS through custom text profile fields in Web Services | Marina Glancy | 0 | Marina Glancy, Mon, 13 Jul 2015, 8:29 AM
MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not respected when using 'Post a copy to all groups' in forum | Marina Glancy | 0 | Marina Glancy, Mon, 13 Jul 2015, 8:28 AM
MSA-15-0026: Possible phishing when redirecting to external site using referer header | Marina Glancy | 0 | Marina Glancy, Mon, 13 Jul 2015, 8:27 AM
MSA-15-0025: Capability to manage own files is not respected in Web Services | Marina Glancy | 0 | Marina Glancy, Mon, 18 May 2015, 9:05 AM
MSA-15-0024: User with suspended enrolment can see sections in the navigation tree | Marina Glancy | 0 | Marina Glancy, Mon, 18 May 2015, 9:04 AM
MSA-15-0023: Suspended user is able to login when confirming email | Marina Glancy | 0 | Marina Glancy, Mon, 18 May 2015, 9:03 AM
MSA-15-0022: Potential XSS risk when returning text entered by student from Web Services | Marina Glancy | 0 | Marina Glancy, Mon, 18 May 2015, 9:02 AM
MSA-15-0021: Any authenticated user can subscribe to site-wide event monitor rules | Marina Glancy | 0 | Marina Glancy, Mon, 18 May 2015, 9:01 AM
MSA-15-0020: User fullname disclosure through account confirmation link | Marina Glancy | 0 | Marina Glancy, Mon, 18 May 2015, 9:00 AM
MSA-15-0019: Possible phishing when redirecting to external site using referer header | Marina Glancy | 0 | Marina Glancy, Mon, 18 May 2015, 8:59 AM
MSA-15-0018: Quiz manual-grading is an XSS risk, but does not declare that | Marina Glancy | 0 | Marina Glancy, Mon, 18 May 2015, 8:54 AM
MSA-15-0017: XSS in quiz statistics report | Marina Glancy | 0 | Marina Glancy, Mon, 16 Mar 2015, 11:08 AM
MSA-15-0016: Web services token can be created for user with temporary password | Marina Glancy | 0 | Marina Glancy, Mon, 16 Mar 2015, 11:08 AM
MSA-15-0015: User without proper permission is able to mark the tag as inappropriate | Marina Glancy | 0 | Marina Glancy, Mon, 16 Mar 2015, 11:07 AM
MSA-15-0014: Potential information disclosure for the inaccessible courses | Marina Glancy | 0 | Marina Glancy, Mon, 16 Mar 2015, 11:06 AM
MSA-15-0013: Block title not properly escaped and may cause HTML injection | Marina Glancy | 0 | Marina Glancy, Mon, 16 Mar 2015, 11:06 AM
MSA-15-0012: ReDoS Possible with Convert links to URLs filter | Marina Glancy | 0 | Marina Glancy, Mon, 16 Mar 2015, 11:05 AM
MSA-15-0011: Authentication in mdeploy can be bypassed | Marina Glancy | 0 | Marina Glancy, Mon, 16 Mar 2015, 11:04 AM
MSA-15-0010: Personal contacts and number of unread messages can be revealed | Marina Glancy | 0 | Marina Glancy, Mon, 16 Mar 2015, 11:03 AM
MSA-15-0009: Directory Traversal Attack possible through some files serving JS | Marina Glancy | 0 | Marina Glancy, Tue, 10 Feb 2015, 10:13 AM
MSA-15-0008: Forced logout through Shibboleth authentication plugin | Marina Glancy | 0 | Marina Glancy, Mon, 19 Jan 2015, 10:02 AM
MSA-15-0007: ReDoS possible in the multimedia filter | Marina Glancy | 0 | Marina Glancy, Mon, 19 Jan 2015, 10:01 AM
MSA-15-0006: Capability to grade Lesson module is missing XSS bitmask | Marina Glancy | 0 | Marina Glancy, Mon, 19 Jan 2015, 10:00 AM
MSA-15-0005: Insufficient access check in calendar functions in web-services | Marina Glancy | 0 | Marina Glancy, Mon, 19 Jan 2015, 9:59 AM
MSA-15-0004: Information leak through messaging functions in web-services | Marina Glancy | 0 | Marina Glancy, Mon, 19 Jan 2015, 9:58 AM
MSA-15-0003: CSRF possible in Glossary module | Marina Glancy | 0 | Marina Glancy, Mon, 19 Jan 2015, 9:56 AM
MSA-15-0002: XSS vulnerability in course request pending approval page | Marina Glancy | 0 | Marina Glancy, Mon, 19 Jan 2015, 9:55 AM
MSA-15-0001: Insufficient access check in LTI module | Marina Glancy | 0 | Marina Glancy, Mon, 19 Jan 2015, 9:52 AM
MSA-14-0049: Possible to print arbitrary message to user by modifying URL | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:28 PM
MSA-14-0048: CSRF in forum tracking toggle | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:27 PM
MSA-14-0047: Possible data loss in Wiki activity | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:26 PM
MSA-14-0046: CSRF in LTI module | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:25 PM
MSA-14-0045: XSS file upload possible through web service | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:25 PM
MSA-14-0044: Hardware path disclosed in the error message | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:24 PM
MSA-14-0043: Lack of group check in web service for Forum | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:23 PM
MSA-14-0042: Lack of access check in IP lookup functionality | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:22 PM
MSA-14-0041: Lack of capability check in tags list access | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:21 PM
MSA-14-0040: Information leak in Database activity module | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:10 PM
MSA-14-0039: Insufficient access check in LTI module | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:09 PM
MSA-14-0038: Hidden grade information exposed by web services | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:08 PM
MSA-14-0037: Weak temporary password generation | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 12:07 PM
MSA-14-0036: XSS in mapcourse script in Feedback module | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 10:37 AM
MSA-14-0035: Headers not added to some AJAX scripts | Marina Glancy | 0 | Marina Glancy, Mon, 17 Nov 2014, 10:33 AM
MSA-14-0034: Identity information revealed early in Q&A forum | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Sep 2014, 8:29 AM
MSA-14-0033: URL parameter injection in CAS authentication | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Sep 2014, 8:28 AM
MSA-14-0032: Cross-site scripting in advanced grading methods | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 4:00 PM
MSA-14-0031: Cross-site scripting though scheduled task error messages | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 4:00 PM
MSA-14-0030: Cross-site scripting through logs of failed logins | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 3:59 PM
MSA-14-0029: Cross-site scripting vulnerability in exception dialogues | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 3:58 PM
MSA-14-0028: Cross-site scripting possible in external badges | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:56 AM
MSA-14-0027: Forum group posting issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:55 AM
MSA-14-0026: Information leak in profile and notes pages | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:52 AM
MSA-14-0025: Remote code execution in Quiz | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:51 AM
MSA-14-0024: Cross-site scripting vulnerability in profile field | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:48 AM
MSA-14-0023: XML External Entity vulnerability in IMSCC and IMSCP | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:45 AM
MSA-14-0022: XML External Entity vulnerability in LTI module | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:43 AM
MSA-14-0021: Code injection in Repositories | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:42 AM
MSA-14-0020: Identity confusion in Shibboleth authentication | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jul 2014, 9:40 AM
MSA-14-0019: Reflected XSS in URL downloader repository | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 May 2014, 9:31 AM
MSA-14-0018: Information leak in courses | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 May 2014, 9:29 AM
MSA-14-0017: File access issue in HTML block | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 May 2014, 9:27 AM
MSA-14-0016: Anonymous student identity revealed in assignment | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 May 2014, 9:26 AM
MSA-14-0015: Web service token expiry issue for MoodleMobile | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 May 2014, 9:24 AM
MSA-14-0014: Cross-site request forgery possible in Assignment | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 May 2014, 9:22 AM
MSA-14-0013: Unfiltered data used in Assignment web services | Michael de Raadt | 0 | Michael de Raadt, Mon, 24 Mar 2014, 8:52 AM
MSA-14-0008: Cross site scripting potential in Flowplayer | Michael de Raadt | 0 | Michael de Raadt, Mon, 24 Mar 2014, 8:51 AM
MSA-14-0004: Incorrect filtering in Quiz | Michael de Raadt | 0 | Michael de Raadt, Mon, 24 Mar 2014, 8:51 AM
MSA-14-0012: Access issue in Badges | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Mar 2014, 9:52 AM
MSA-14-0011: Cross site request forgery potential in IMS enrolments | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Mar 2014, 9:51 AM
MSA-14-0010: Identity information leak in Alfresco Repository | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Mar 2014, 9:48 AM
MSA-14-0009: Identity information leak in Forum and Quiz | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Mar 2014, 9:47 AM
MSA-14-0007: Access issue in Wiki | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Mar 2014, 9:43 AM
MSA-14-0006: Capability issue in Chat | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Mar 2014, 9:40 AM
MSA-14-0005: Access issue in Feedback activity | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Mar 2014, 9:39 AM
MSA-14-0003: Cross-site request forgery vulnerability in profile fields | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Mar 2014, 9:36 AM
MSA-14-0002: Group constraints lacking in "login as" | Michael de Raadt | 0 | Michael de Raadt, Mon, 20 Jan 2014, 8:49 AM
MSA-14-0001: Config passwords visibility issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 20 Jan 2014, 8:48 AM
MSA-13-0040: Cross site scripting vulnerability in YUI library | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Nov 2013, 8:44 AM
MSA-13-0039: Cross site scripting in Quiz | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Nov 2013, 8:35 AM
MSA-13-0038: Access to server files through repository | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Nov 2013, 8:33 AM
MSA-13-0037: Cross site scripting in Messages | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Nov 2013, 8:31 AM
MSA-13-0036: Incorrect headers sent for secured resources | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Nov 2013, 8:29 AM
MSA-13-0035: Inadequate filtering in Blog | Michael de Raadt | 0 | Michael de Raadt, Mon, 23 Sep 2013, 4:17 PM
MSA-13-0034: Object injection through Badges | Michael de Raadt | 0 | Michael de Raadt, Mon, 23 Sep 2013, 4:17 PM
MSA-13-0033: Potential SQL injection in Moodle's SQL Server driver | Michael de Raadt | 0 | Michael de Raadt, Mon, 16 Sep 2013, 9:38 AM
MSA-13-0032: Host verification failure in Amazon S3 repository | Michael de Raadt | 0 | Michael de Raadt, Mon, 16 Sep 2013, 9:36 AM
MSA-13-0031: Personal information leak in Feedback activity | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Jul 2013, 9:29 AM
MSA-13-0030: Information leak through RSS | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Jul 2013, 9:26 AM
MSA-13-0029: XSS risk in conditional activities | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Jul 2013, 9:24 AM
MSA-13-0028: Answer information revealed in Lesson activity | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Jul 2013, 9:22 AM
MSA-13-0027: Access issue in Chat module | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Jul 2013, 9:19 AM
MSA-13-0026: Personal information leak in IMS-LTI | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Jul 2013, 9:19 AM
MSA-13-0025: XSS vulnerability in YUI library | Michael de Raadt | 0 | Michael de Raadt, Mon, 15 Jul 2013, 9:08 AM
MSA-13-0024: Form filtering issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 21 May 2013, 8:13 AM
MSA-13-0023: Permission issue in blog comments | Michael de Raadt | 0 | Michael de Raadt, Tue, 21 May 2013, 8:11 AM
MSA-13-0022: Information leak in hub registration | Michael de Raadt | 0 | Michael de Raadt, Tue, 21 May 2013, 8:09 AM
MSA-13-0021: Potential information leak in Gradebook | Michael de Raadt | 0 | Michael de Raadt, Tue, 21 May 2013, 8:06 AM
MSA-13-0020: Capability issue in Assignment | Michael de Raadt | 0 | Michael de Raadt, Tue, 21 May 2013, 8:01 AM
MSA-13-0019: Unauthorised settings editing through WebDav repository | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:49 PM
MSA-13-0018: Personal information leak through repositories | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:49 PM
MSA-13-0017: Form manipulation issue in notes | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:48 PM
MSA-13-0016: External Entity Injection through Zend library | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:48 PM
MSA-13-0015: Cross-site scripting issue in Filepicker | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:47 PM
MSA-13-0014: Password revealed in WebDav repository | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:47 PM
MSA-13-0013: Server information revealed through exception messages | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:46 PM
MSA-13-0012: Information leak in course profiles | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:46 PM
MSA-13-0011: Calendar subscription capability issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 25 Mar 2013, 1:45 PM
MSA-13-0010: Failure to check capabilities in calendar | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 10:05 AM
MSA-13-0009: Information leak through Blog RSS | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 10:04 AM
MSA-13-0008: Information leak through Blog RSS | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 10:03 AM
MSA-13-0007: Potential exploit in messaging | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 9:59 AM
MSA-13-0006: Potential information leak in Assignment module | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 9:57 AM
MSA-13-0005: Potential phishing attack through URL redirects | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 9:56 AM
MSA-13-0004: Information leak through activity report | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 9:54 AM
MSA-13-0003: Potential server file access through backup restoration | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 9:53 AM
MSA-13-0002: Capability issue with Outcome editing | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 9:50 AM
MSA-13-0001: Security issue in Google Spellchecker in TinyMCE | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 Jan 2013, 9:46 AM
MSA-12-0063: Information leak in Check Permissions page | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Nov 2012, 8:29 AM
MSA-12-0062: Information leak in Database activity module | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Nov 2012, 8:27 AM
MSA-12-0061: Remote code execution through Portfolio API | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Nov 2012, 8:24 AM
MSA-12-0060: Cross-site scripting vulnerability in YUI2 | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Nov 2012, 8:22 AM
MSA-12-0059: Information leak in Database activity module | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Nov 2012, 8:20 AM
MSA-12-0058: Possible form data manipulation issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Nov 2012, 8:19 AM
MSA-12-0057: Access issue through repository | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Nov 2012, 8:17 AM
MSA-12-0056: Information leak in drag-and-drop | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Sep 2012, 11:58 AM
MSA-12-0055: Web service access token issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Sep 2012, 11:57 AM
MSA-12-0054: Course reset permission issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Sep 2012, 11:56 AM
MSA-12-0053: Blog file access issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Sep 2012, 11:54 AM
MSA-12-0052: Course topics permission issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Sep 2012, 11:53 AM
MSA-12-0051: File upload size constraint issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 17 Sep 2012, 11:51 AM
MSA-12-0050: Potential DOS attack through database activity | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:44 AM
MSA-12-0049: Group restricted activity displayed to all users | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:44 AM
MSA-12-0048: Possible XSS in cohort administration | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:44 AM
MSA-12-0047: SQL injection potential in Feedback module | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:44 AM
MSA-12-0046: Insecure protocol redirection in LDAP authentication | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:43 AM
MSA-12-0045: Injection potential in admin for repositories | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:22 AM
MSA-12-0044: Capability check issue in forum subscriptions | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:20 AM
MSA-12-0043: Early information access issue in forum | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:18 AM
MSA-12-0042: File access issue in blocks | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:18 AM
MSA-12-0041: XSS issue in LTI module | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:14 AM
MSA-12-0040: Capabilities issue through caching | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:13 AM
MSA-12-0039: File upload validation issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jul 2012, 8:11 AM
MSA-12-0038: Calendar event write permission issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:55 PM
MSA-12-0037: Write access issue in Database activity module | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:54 PM
MSA-12-0036: Cross-site scripting vulnerability in category identifier | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:52 PM
MSA-12-0035: Cross-site scripting vulnerability in "download all" | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:50 PM
MSA-12-0034: Potential SQL injection issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:48 PM
MSA-12-0033: Cross-site scripting vulnerability in Blog | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:47 PM
MSA-12-0032: Cross-site scripting vulnerability in Web services | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:45 PM
MSA-12-0031: Cross-site scripting vulnerability in Wiki | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:43 PM
MSA-12-0030: Capability manipulation issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:38 PM
MSA-12-0029: Information editing access issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:36 PM
MSA-12-0028: Insecure authentication issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:34 PM
MSA-12-0027: Question bank capability issues | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:32 PM
MSA-12-0026: Quiz capability issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:30 PM
MSA-12-0025: Personal communication access issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:20 PM
MSA-12-0024: Hidden information access issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 21 May 2012, 2:19 PM
MSA-12-0023: External enrolment plugin context check issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:57 PM
MSA-12-0022: Security conflict in Web services | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:56 PM
MSA-12-0021: Course information leak through tags | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:54 PM
MSA-12-0020: Forum subscription permission issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:53 PM
MSA-12-0019: Overview report and hidden course issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:51 PM
MSA-12-0018: Course information leak in Gradebook export | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:49 PM
MSA-12-0017: Personal information leak issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:47 PM
MSA-12-0016: Default repository capabilities issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:45 PM
MSA-12-0015: Backup and private files issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:42 PM
MSA-12-0014: Password and Web services issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:41 PM
MSA-12-0013: Database activity export permission issue | Michael de Raadt | 0 | Michael de Raadt, Mon, 19 Mar 2012, 1:33 PM
MSA-12-0012: Form validation issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:21 AM
MSA-12-0011: Browser autofill password issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:19 AM
MSA-12-0010: Unauthorised access to session key | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:18 AM
MSA-12-0009: Role access issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:14 AM
MSA-12-0008: Unsynchronised access via tokens | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:12 AM
MSA-12-0007: Email injection prevention | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:11 AM
MSA-12-0006: Additional email address validation | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:09 AM
MSA-12-0005: Encryption enhancement | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:07 AM
MSA-12-0004: Added profile image security | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:05 AM
MSA-12-0003: Added password protection | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:04 AM
MSA-12-0002: Personal information leak | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 10:01 AM
MSA-12-0001: Recaptcha transmission consistency issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 17 Jan 2012, 9:45 AM
MSA-11-0054: Personal information leak | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 4:24 PM
MSA-11-0053: Security and system administration conflict | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 4:23 PM
MSA-11-0052: Potential to exploit developer debugging scripts | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 4:06 PM
MSA-11-0051: Authentication issue with Web services | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 4:04 PM
MSA-11-0050: Backup capability issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 4:01 PM
MSA-11-0049: Network restriction ineffective with MNet | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 3:59 PM
MSA-11-0048: Password loss issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 3:59 PM
MSA-11-0047: Possible injection attack in Calendar | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 3:59 PM
MSA-11-0046: Insecure authentication transmission | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 3:58 PM
MSA-11-0045: Potential to masquerade through MNet | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 3:58 PM
MSA-11-0044: Expired identification information shown in Web services | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 3:57 PM
MSA-11-0043: Possible link redirect in Calendar | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 3:57 PM
MSA-11-0042: Information leak in Wiki | Michael de Raadt | 0 | Michael de Raadt, Tue, 6 Dec 2011, 3:57 PM
MSA-11-0040: Potential personal information leak | Michael de Raadt | 0 | Michael de Raadt, Mon, 31 Oct 2011, 3:29 PM
MSA-11-0038: Database injection protection strengthened | Michael de Raadt | 0 | Michael de Raadt, Thu, 27 Oct 2011, 11:38 PM
MSA-11-0041: Global search authentication issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:24 PM
MSA-11-0039: Wiki section vulnerability | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:21 PM
MSA-11-0037: Course section editing injection vulnerability | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:17 PM
MSA-11-0036: Messaging refresh vulnerability | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:15 PM
MSA-11-0035: Cookie-less session vulnerability | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:13 PM
MSA-11-0034: Chat module information leak | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:11 PM
MSA-11-0033: Site-hub registration identity issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:09 PM
MSA-11-0032: MNET SSL validation issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:07 PM
MSA-11-0031: Forms API constant issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:06 PM
MSA-11-0030: Box.net repository integration authentication issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 12:03 PM
MSA-11-0029: File visibility issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 11:59 AM
MSA-11-0028: Wiki comments cross site scripting issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 11:56 AM
MSA-11-0027: Wiki pages reference forgery issue | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 11:55 AM
MSA-11-0026: Fields in user upload CSV not being escaped | Michael de Raadt | 0 | Michael de Raadt, Tue, 18 Oct 2011, 11:52 AM
MSA-11-0025: Group names in user upload CSV not being escaped | Michael de Raadt | 0 | Michael de Raadt, Mon, 8 Aug 2011, 5:02 PM
MSA-11-0024: Recaptcha images were being authenticated from an older server | Michael de Raadt | 0 | Michael de Raadt, Mon, 8 Aug 2011, 5:02 PM
MSA-11-0023: Guests can add comments to front page activities | Michael de Raadt | 0 | Michael de Raadt, Mon, 8 Aug 2011, 5:01 PM
MSA-11-0022: Course creators could change filters at course level | Michael de Raadt | 0 | Michael de Raadt
Mon, 8 Aug 2011, 5:00 PM
MSA-11-0021: Role assignment web service function not following restrictions My mug Michael de Raadt 0 Michael de Raadt
Mon, 8 Aug 2011, 4:59 PM
MSA-11-0020: Continue links in error messages can lead offsite My mug Michael de Raadt 0 Michael de Raadt
Mon, 8 Aug 2011, 4:59 PM
MSA-11-0019: Themes writing to files outside Moodle data directory My mug Michael de Raadt 0 Michael de Raadt
Mon, 8 Aug 2011, 4:59 PM
MSA-11-0018: Lacking capability controls over cohorts My mug Michael de Raadt 0 Michael de Raadt
Mon, 8 Aug 2011, 4:58 PM
MSA-11-0017: Ability to generate invalid records in the comments table in the database Helen Foster 0 Helen Foster
Wed, 18 May 2011, 4:09 PM
MSA-11-0016: Ability to fill a database with invalid records through ratings Helen Foster 0 Helen Foster
Wed, 18 May 2011, 4:05 PM
MSA-11-0015: Cross Site Scripting through URL encoding Helen Foster 0 Helen Foster
Wed, 18 May 2011, 4:01 PM
MSA-11-0014: Personal details displayed without permission Helen Foster 0 Helen Foster
Wed, 18 May 2011, 3:57 PM
MSA-11-0013: Group/Quiz permissions issue Helen Foster 0 Helen Foster
Wed, 18 May 2011, 3:52 PM
MSA-11-0012: Authentication issue Helen Foster 0 Helen Foster
Wed, 18 May 2011, 3:44 PM
MSA-11-0011: Multiple cross-site scripting problems in media filter Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 11:12 PM
MSA-11-0010: Incorrect default for mod:course/delete capability in teacher role Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 11:10 PM
MSA-11-0009: My profile block may disclose private information if used in user context Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 10:57 PM
MSA-11-0008: IMS enterprise enrolment file may disclose sensitive information Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 10:54 PM
MSA-11-0007: Cross-site scripting vulnerability in course tags Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 10:51 PM
MSA-11-0006: Cross-site request forgery and missing access control in course completion Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 10:35 PM
MSA-11-0005: Cross-site scripting vulnerability in spikephpcoverage Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 10:31 PM
MSA-11-0004: $CFG->forceloginforprofiles setting ignored in course profiles Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 10:31 PM
MSA-11-0003: Cross-site scripting vulnerability in tag autocomplete Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 10:31 PM
MSA-11-0002: Cross-site request forgery vulnerability in RSS block Helen Foster 0 Helen Foster
Tue, 1 Mar 2011, 10:29 PM
MSA-11-0001: Customised phpMyAdmin upgraded to 2.11.11.3 and 3.3.9.2 Petr Skoda 0 Petr Skoda
Mon, 21 Feb 2011, 5:01 PM
MSA-10-0018: Customised phpMyAdmin upgraded to 2.11.11.1 and 3.3.8.1 Petr Skoda 0 Petr Skoda
Sat, 18 Dec 2010, 5:01 AM
MSA-10-0017: XSS vulnerability in YUI 2.4.0 through YUI 2.8.1 Petr Skoda 0 Petr Skoda
Tue, 26 Oct 2010, 4:30 AM
MSA-10-0016: Multiple phpCAS library vulnerabilities Helen Foster 0 Helen Foster
Mon, 25 Oct 2010, 7:27 PM
MSA-10-0015: Customised HTML Purifier upgraded to 4.2.0 Helen Foster 0 Helen Foster
Mon, 25 Oct 2010, 7:25 PM
MSA-10-0014: Customised phpMyAdmin upgraded to 2.11.11 Petr Skoda 0 Petr Skoda
Sun, 24 Oct 2010, 7:19 PM
MSA-10-0013: Potential Cross Site Request Forgery vulnerability in Quiz reports Helen Foster 0 Helen Foster
Thu, 17 Jun 2010, 11:39 PM
MSA-10-0012: KSES Security Filter Bypassing vulnerability Helen Foster 0 Helen Foster
Thu, 17 Jun 2010, 11:36 PM
MSA-10-0011: Cross Site Scripting vulnerability in blog/index.php Helen Foster 0 Helen Foster
Thu, 17 Jun 2010, 11:34 PM
MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface Helen Foster 0 Helen Foster
Thu, 17 Jun 2010, 11:28 PM
MSA-10-0009: Session fixation prevention now turned on by default Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 9:29 PM
MSA-10-0008: Persistent XSS when using Login-as feature Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 8:51 PM
MSA-10-0007: Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 8:47 PM
MSA-10-0006: SQL injection in Wiki module Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 8:45 PM
MSA-10-0005: Incorrect validation of forms data Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 8:42 PM
MSA-10-0004: Improved access control in course restore Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 8:41 PM
MSA-10-0003: Disclosure of full user names Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 8:41 PM
MSA-10-0002: XSS vulnerability in the phpcas module Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 8:33 PM
MSA-10-0001: Vulnerability in KSES text cleaning Petr Skoda 0 Petr Skoda
Wed, 31 Mar 2010, 8:31 PM
MSA-09-0030: New detection of insecure flash player plugins Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 5:36 AM
MSA-09-0031: SQL injection in SCORM module Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 5:01 AM
MSA-09-0029: Multiple password related issues Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 3:44 AM
MSA-09-0028: Multiple backup/restore related issues Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 3:39 AM
MSA-09-0027: Login information can be sent unsecured even when site is configured to use SSL for logins Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 3:32 AM
MSA-09-0026: Invalid application access control in MNET interface Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 3:28 AM
MSA-09-0025: Unneeded MD5 hashes removed from user table Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 3:22 AM
MSA-09-0024: Insufficient access control in glossary Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 3:18 AM
MSA-09-0023: User account disclosure in LAMS module Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 3:15 AM
MSA-09-0022: Multiple CSRF problems fixed Helen Foster 0 Helen Foster
Wed, 2 Dec 2009, 3:11 AM
MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability Petr Skoda 0 Petr Skoda
Tue, 3 Nov 2009, 4:09 AM
MSA-09-0020: Teachers can view students' grades in all courses in the overview report Petr Skoda 0 Petr Skoda
Tue, 3 Nov 2009, 3:52 AM
MSA-09-0019: SQL injection in update_record Petr Skoda 0 Petr Skoda
Tue, 3 Nov 2009, 3:50 AM
MSA-09-0018: Incorrect escaping when updating first post in a single simple discussion forum type Petr Skoda 0 Petr Skoda
Tue, 3 Nov 2009, 3:46 AM
MSA-09-0017: Upgrade code in 1.9 does not escape tags properly Petr Skoda 0 Petr Skoda
Tue, 3 Nov 2009, 3:43 AM
MSA-09-0016: Email not properly escaped on user edit page Petr Skoda 0 Petr Skoda
Tue, 3 Nov 2009, 3:41 AM
MSA-09-0015: Customised PhpMyAdmin upgraded to 2.11.9.6 Petr Skoda 0 Petr Skoda
Thu, 15 Oct 2009, 2:12 AM
MSA-09-0014: mimeTeX vulnerabilities Petr Skoda 0 Petr Skoda
Tue, 21 Jul 2009, 5:00 PM
MSA-09-0013: Customised PhpMyAdmin upgraded to 2.11.9.5 Petr Skoda 0 Petr Skoda
Wed, 20 May 2009, 10:28 PM
MSA-09-0012: SQL injections when importing outcomes Petr Skoda 0 Petr Skoda
Wed, 20 May 2009, 7:01 PM
MSA-09-0011: Glossary, database and forum ratings are not verified after submission Petr Skoda 0 Petr Skoda
Wed, 20 May 2009, 7:01 PM
MSA-09-0010: Unzip binary may create symbolic links pointing outside of dataroot on unix/linux servers Petr Skoda 0 Petr Skoda
Wed, 20 May 2009, 6:58 PM
MSA-09-0009: TeX filter file disclosure Petr Skoda 0 Petr Skoda
Mon, 13 Apr 2009, 10:46 PM
Prevent profile spam on your Moodle site Martin Dougiamas 0 Martin Dougiamas
Tue, 10 Feb 2009, 1:32 PM
MSA-09-0008: CSRF vulnerability in forum code Petr Skoda 0 Petr Skoda
Wed, 4 Feb 2009, 6:14 PM
MSA-09-0007: Missing input validation in logs allows potential XSS attacks Petr Skoda 0 Petr Skoda
Wed, 4 Feb 2009, 6:12 PM
MSA-09-0006: Calendar export may allow brute force attacks Petr Skoda 0 Petr Skoda
Wed, 4 Feb 2009, 6:08 PM
MSA-09-0005: Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability Petr Skoda 0 Petr Skoda
Wed, 4 Feb 2009, 6:08 PM
MSA-09-0004: XSS vulnerabilities in HTML blocks if "Login as" used Petr Skoda 0 Petr Skoda
Wed, 4 Feb 2009, 6:08 PM
MSA-09-0003: Vulnerability in Snoopy 1.2.3 Petr Skoda 0 Petr Skoda
Wed, 4 Feb 2009, 6:07 PM
MSA-09-0002: User pix disclosure Petr Skoda 0 Petr Skoda
Wed, 4 Feb 2009, 5:52 PM
MSA-09-0001: No way easy to remove pictures of deleted users Petr Skoda 0 Petr Skoda
Wed, 4 Feb 2009, 5:49 PM
MSA-08-0002: register_globals=on not supported Petr Skoda 1 Petr Skoda
Tue, 30 Dec 2008, 6:55 AM
MSA-08-0028: customised PhpMyAdmin package upgraded to 2.11.9.4 Petr Skoda 0 Petr Skoda
Wed, 10 Dec 2008, 9:00 AM
MSA-08-0027: customised PhpMyAdmin package upgraded to 2.11.9.3 Petr Skoda 0 Petr Skoda
Mon, 3 Nov 2008, 7:30 AM
MSA-08-0026: customised HTML Purifier upgraded to 2.1.5 Petr Skoda 0 Petr Skoda
Mon, 20 Oct 2008, 4:53 AM
MSA-08-0025: SQL injection in tags code Petr Skoda 0 Petr Skoda
Mon, 20 Oct 2008, 4:52 AM
MSA-08-0024: Overriding of frozen values in Moodle forms Petr Skoda 0 Petr Skoda
Mon, 20 Oct 2008, 4:50 AM
MSA-08-0023: CSRF in messaging setting Petr Skoda 0 Petr Skoda
Mon, 20 Oct 2008, 4:48 AM
MSA-08-0022: XSS through Wiki page titles Petr Skoda 0 Petr Skoda
Mon, 20 Oct 2008, 4:46 AM
MSA-08-0021: design deficiency combined with incorrect use of format_string() allowing XSS Petr Skoda 0 Petr Skoda
Mon, 20 Oct 2008, 4:43 AM
MSA-08-0020: quiz/questions capabilities lack some risk flags in access.php files Petr Skoda 0 Petr Skoda
Mon, 20 Oct 2008, 4:40 AM
MSA-08-0019: customised PhpMyAdmin package upgraded to 2.11.9.2 Petr Skoda 0 Petr Skoda
Mon, 20 Oct 2008, 4:37 AM
MSA-08-0008: KSES related issues Petr Skoda 0 Petr Skoda
Tue, 23 Sep 2008, 3:22 AM
MSA-08-0018: customised PhpMyAdmin package upgraded to 2.11.8.1 Petr Skoda 0 Petr Skoda
Tue, 29 Jul 2008, 8:19 PM
MSA-08-0013: CSRF (Cross-site Request Forgery) on Moodle edit profile page Petr Skoda 0 Petr Skoda
Wed, 23 Jul 2008, 12:04 AM
MSA-08-0017: customised PhpMyAdmin upgraded to 2.11.7.1 Petr Skoda 0 Petr Skoda
Wed, 16 Jul 2008, 3:26 PM
MSA-08-0016: Email could be changed in profile without confirmation Petr Skoda 0 Petr Skoda
Wed, 16 Jul 2008, 2:52 PM
MSA-08-0015: accessible profiles of deleted users Petr Skoda 0 Petr Skoda
Wed, 16 Jul 2008, 2:51 PM
MSA-08-0014: potential sql injection in events handling code Petr Skoda 0 Petr Skoda
Wed, 16 Jul 2008, 2:49 PM
MSA-08-0012: Potential non-persistent XSS when searching for group members (MSSQL and Oracle only) Petr Skoda 0 Petr Skoda
Wed, 16 Jul 2008, 2:48 PM
MSA-08-0011: Potential webroot disclosures warning Petr Skoda 0 Petr Skoda
Wed, 16 Jul 2008, 2:47 PM
MSA-08-0010: sql injection in HotPot module Petr Skoda 0 Petr Skoda
Wed, 16 Jul 2008, 2:46 PM
MSA-08-0009: Persistent Cross-site Scripting (XSS) on blog entry title parameter Petr Skoda 0 Petr Skoda
Wed, 16 Jul 2008, 2:45 PM
MSA-08-0007: imported phpMyAdmin 2.11.5.1 Petr Skoda 0 Petr Skoda
Mon, 31 Mar 2008, 3:17 PM
MSA-08-0006: Moodle cookie path can not be restricted Petr Skoda 0 Petr Skoda
Sat, 19 Jan 2008, 1:58 AM
MSA-08-0005: Bypassing restriction on multiple file uploads Petr Skoda 0 Petr Skoda
Sat, 19 Jan 2008, 1:33 AM
MSA-08-0001: Access elevation in user edit form Petr Skoda 0 Petr Skoda
Thu, 17 Jan 2008, 9:49 PM
MSA-08-0003: Insufficient access control in Login as feature Petr Skoda 0 Petr Skoda
Thu, 17 Jan 2008, 9:49 PM
MSA-08-0004: XSS in install.php before installation Petr Skoda 0 Petr Skoda
Thu, 17 Jan 2008, 9:49 PM