Security Announcements

The easiest way to keep track of the recent security issues is to register your Moodle site with moodle.org so that your email address is added to the low-volume mailing list for important notifications such as security alerts. Otherwise, after release, all important security issues are published in this forum, which you can subscribe to (moodle.org account required), or follow moodlesecurity on Twitter.

Documentation: Security


DiscussionStarted byRepliesLast post
MSA-15-0029: Javascript injection in SCORM module Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jul 13, 2015, 8:31 AM
MSA-15-0028: Possible XSS through custom text profile fields in Web Services Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jul 13, 2015, 8:29 AM
MSA-15-0027: Capability 'mod/forum:canposttomygroups' is not respected when using 'Post a copy to all groups' in forum Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jul 13, 2015, 8:28 AM
MSA-15-0026: Possible phishing when redirecting to external site using referer header Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jul 13, 2015, 8:27 AM
MSA-15-0025: Capability to manage own files is not respected in Web Services Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, May 18, 2015, 9:05 AM
MSA-15-0024: User with suspended enrolment can see sections in the navigation tree Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, May 18, 2015, 9:04 AM
MSA-15-0023: Suspended user is able to login when confirming email Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, May 18, 2015, 9:03 AM
MSA-15-0022: Potential XSS risk when returning text entered by student from Web Services Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, May 18, 2015, 9:02 AM
MSA-15-0021: Any authenticated user can subscribe to site-wide event monitor rules Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, May 18, 2015, 9:01 AM
MSA-15-0020: User fullname disclosure through account confirmation link Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, May 18, 2015, 9:00 AM
MSA-15-0019: Possible phishing when redirecting to external site using referer header Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, May 18, 2015, 8:59 AM
MSA-15-0018: Quiz manual-grading is an XSS risk, but does not declare that Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, May 18, 2015, 8:54 AM
MSA-15-0017: XSS in quiz statistics report Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Mar 16, 2015, 11:08 AM
MSA-15-0016: Web services token can be created for user with temporary password Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Mar 16, 2015, 11:08 AM
MSA-15-0015: User without proper permission is able to mark the tag as inappropriate Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Mar 16, 2015, 11:07 AM
MSA-15-0014: Potential information disclosure for the inaccessible courses Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Mar 16, 2015, 11:06 AM
MSA-15-0013: Block title not properly escaped and may cause HTML injection Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Mar 16, 2015, 11:06 AM
MSA-15-0012: ReDoS Possible with Convert links to URLs filter Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Mar 16, 2015, 11:05 AM
MSA-15-0011: Authentication in mdeploy can be bypassed Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Mar 16, 2015, 11:04 AM
MSA-15-0010: Personal contacts and number of unread messages can be revealed Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Mar 16, 2015, 11:03 AM
MSA-15-0009: Directory Traversal Attack possible through some files serving JS Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Tue, Feb 10, 2015, 10:13 AM
MSA-15-0008: Forced logout through Shibboleth authentication plugin Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jan 19, 2015, 10:02 AM
MSA-15-0007: ReDoS possible in the multimedia filter Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jan 19, 2015, 10:01 AM
MSA-15-0006: Capability to grade Lesson module is missing XSS bitmask Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jan 19, 2015, 10:00 AM
MSA-15-0005: Insufficient access check in calendar functions in web-services Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jan 19, 2015, 9:59 AM
MSA-15-0004: Information leak through messaging functions in web-services Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jan 19, 2015, 9:58 AM
MSA-15-0003: CSRF possible in Glossary module Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jan 19, 2015, 9:56 AM
MSA-15-0002: XSS vulnerability in course request pending approval page Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jan 19, 2015, 9:55 AM
MSA-15-0001: Insufficient access check in LTI module Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Jan 19, 2015, 9:52 AM
MSA-14-0049: Possible to print arbitrary message to user by modifying URL Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:28 PM
MSA-14-0048: CSRF in forum tracking toggle Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:27 PM
MSA-14-0047: Possible data loss in Wiki activity Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:26 PM
MSA-14-0046: CSRF in LTI module Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:25 PM
MSA-14-0045: XSS file upload possible through web service Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:25 PM
MSA-14-0044: Hardware path disclosed in the error message Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:24 PM
MSA-14-0043: Lack of group check in web service for Forum Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:23 PM
MSA-14-0042: Lack of access check in IP lookup functionality Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:22 PM
MSA-14-0041: Lack of capability check in tags list access Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:21 PM
MSA-14-0040: Information leak in Database activity module Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:10 PM
MSA-14-0039: Insufficient access check in LTI module Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:09 PM
MSA-14-0038: Hidden grade information exposed by web services Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:08 PM
MSA-14-0037: Weak temporary password generation Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 12:07 PM
MSA-14-0036: XSS in mapcourse script in Feedback module Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 10:37 AM
MSA-14-0035: Headers not added to some AJAX scripts Picture of Marina Glancy Marina Glancy 0 Marina Glancy
Mon, Nov 17, 2014, 10:33 AM
MSA-14-0034: Identity information revealed early in Q&A forum My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 15, 2014, 8:29 AM
MSA-14-0033: URL parameter injection in CAS authentication My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 15, 2014, 8:28 AM
MSA-14-0032: Cross-site scripting in advanced grading methods My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 4:00 PM
MSA-14-0031: Cross-site scripting though scheduled task error messages My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 4:00 PM
MSA-14-0030: Cross-site scripting through logs of failed logins My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 3:59 PM
MSA-14-0029: Cross-site scripting vulnerability in exception dialogues My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 3:58 PM
MSA-14-0028: Cross-site scripting possible in external badges My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:56 AM
MSA-14-0027: Forum group posting issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:55 AM
MSA-14-0026: Information leak in profile and notes pages My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:52 AM
MSA-14-0025: Remote code execution in Quiz My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:51 AM
MSA-14-0024: Cross-site scripting vulnerability in profile field My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:48 AM
MSA-14-0023: XML External Entity vulnerability in IMSCC and IMSCP My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:45 AM
MSA-14-0022: XML External Entity vulnerability in LTI module My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:43 AM
MSA-14-0021: Code injection in Repositories My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:42 AM
MSA-14-0020: Identity confusion in Shibboleth authentication My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 21, 2014, 9:40 AM
MSA-14-0019: Reflected XSS in URL downloader repository My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 19, 2014, 9:31 AM
MSA-14-0018: Information leak in courses My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 19, 2014, 9:29 AM
MSA-14-0017: File access issue in HTML block My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 19, 2014, 9:27 AM
MSA-14-0016: Anonymous student identity revealed in assignment My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 19, 2014, 9:26 AM
MSA-14-0015: Web service token expiry issue for MoodleMobile My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 19, 2014, 9:24 AM
MSA-14-0014: Cross-site request forgery possible in Assignment My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 19, 2014, 9:22 AM
MSA-14-0013: Unfiltered data used in Assignment web services My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 24, 2014, 8:52 AM
MSA-14-0008: Cross site scripting potential in Flowplayer My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 24, 2014, 8:51 AM
MSA-14-0004: Incorrect filtering in Quiz My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 24, 2014, 8:51 AM
MSA-14-0012: Access issue in Badges My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 17, 2014, 9:52 AM
MSA-14-0011: Cross site request forgery potential in IMS enrolments My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 17, 2014, 9:51 AM
MSA-14-0010: Identity information leak in Alfresco Repository My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 17, 2014, 9:48 AM
MSA-14-0009: Identity information leak in Forum and Quiz My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 17, 2014, 9:47 AM
MSA-14-0007: Access issue in Wiki My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 17, 2014, 9:43 AM
MSA-14-0006: Capability issue in Chat My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 17, 2014, 9:40 AM
MSA-14-0005: Access issue in Feedback activity My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 17, 2014, 9:39 AM
MSA-14-0003: Cross-site request forgery vulnerability in profile fields My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 17, 2014, 9:36 AM
MSA-14-0002: Group constraints lacking in "login as" My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 20, 2014, 8:49 AM
MSA-14-0001: Config passwords visibility issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 20, 2014, 8:48 AM
MSA-13-0040: Cross site scripting vulnerability in YUI library My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 25, 2013, 8:44 AM
MSA-13-0039: Cross site scripting in Quiz My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 25, 2013, 8:35 AM
MSA-13-0038: Access to server files through repository My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 25, 2013, 8:33 AM
MSA-13-0037: Cross site scripting in Messages My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 25, 2013, 8:31 AM
MSA-13-0036: Incorrect headers sent for secured resources My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 25, 2013, 8:29 AM
MSA-13-0035: Inadequate filtering in Blog My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 23, 2013, 4:17 PM
MSA-13-0034: Object injection through Badges My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 23, 2013, 4:17 PM
MSA-13-0033: Potential SQL injection in Moodle's SQL Server driver My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 16, 2013, 9:38 AM
MSA-13-0032: Host verification failure in Amazon S3 repository My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 16, 2013, 9:36 AM
MSA-13-0031: Personal information leak in Feedback activity My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 15, 2013, 9:29 AM
MSA-13-0030: Information leak through RSS My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 15, 2013, 9:26 AM
MSA-13-0029: XSS risk in conditional activities My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 15, 2013, 9:24 AM
MSA-13-0028: Answer information revealed in Lesson activity My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 15, 2013, 9:22 AM
MSA-13-0027: Access issue in Chat module My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 15, 2013, 9:19 AM
MSA-13-0026: Personal information leak in IMS-LTI My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 15, 2013, 9:19 AM
MSA-13-0025: XSS vulnerability in YUI library My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jul 15, 2013, 9:08 AM
MSA-13-0024: Form filtering issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, May 21, 2013, 8:13 AM
MSA-13-0023: Permission issue in blog comments My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, May 21, 2013, 8:11 AM
MSA-13-0022: Information leak in hub registration My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, May 21, 2013, 8:09 AM
MSA-13-0021: Potential information leak in Gradebook My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, May 21, 2013, 8:06 AM
MSA-13-0020: Capability issue in Assignment My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, May 21, 2013, 8:01 AM
MSA-13-0019: Unauthorised settings editing through WebDav repository My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:49 PM
MSA-13-0018: Personal information leak through repositories My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:49 PM
MSA-13-0017: Form manipulation issue in notes My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:48 PM
MSA-13-0016: External Entity Injection through Zend library My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:48 PM
MSA-13-0015: Cross-site scripting issue in Filepicker My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:47 PM
MSA-13-0014: Password revealed in WebDav repository My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:47 PM
MSA-13-0013: Server information revealed through exception messages My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:46 PM
MSA-13-0012: Information leak in course profiles My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:46 PM
MSA-13-0011: Calendar subscription capability issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 25, 2013, 1:45 PM
MSA-13-0010: Failure to check capabilities in calendar My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 10:05 AM
MSA-13-0009: Information leak through Blog RSS My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 10:04 AM
MSA-13-0008: Information leak through Blog RSS My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 10:03 AM
MSA-13-0007: Potential exploit in messaging My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 9:59 AM
MSA-13-0006: Potential information leak in Assignment module My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 9:57 AM
MSA-13-0005: Potential phishing attack through URL redirects My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 9:56 AM
MSA-13-0004: Information leak through activity report My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 9:54 AM
MSA-13-0003: Potential server file access through backup restoration My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 9:53 AM
MSA-13-0002: Capability issue with Outcome editing My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 9:50 AM
MSA-13-0001: Security issue in Google Spellchecker in TinyMCE My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Jan 21, 2013, 9:46 AM
MSA-12-0063: Information leak in Check Permissions page My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 19, 2012, 8:29 AM
MSA-12-0062: Information leak in Database activity module My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 19, 2012, 8:27 AM
MSA-12-0061: Remote code execution through Portfolio API My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 19, 2012, 8:24 AM
MSA-12-0060: Cross-site scripting vulnerability in YUI2 My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 19, 2012, 8:22 AM
MSA-12-0059: Information leak in Database activity module My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 19, 2012, 8:20 AM
MSA-12-0058: Possible form data manipulation issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 19, 2012, 8:19 AM
MSA-12-0057: Access issue through repository My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Nov 19, 2012, 8:17 AM
MSA-12-0056: Information leak in drag-and-drop My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 17, 2012, 11:58 AM
MSA-12-0055: Web service access token issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 17, 2012, 11:57 AM
MSA-12-0054: Course reset permission issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 17, 2012, 11:56 AM
MSA-12-0053: Blog file access issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 17, 2012, 11:54 AM
MSA-12-0052: Course topics permission issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 17, 2012, 11:53 AM
MSA-12-0051: File upload size constraint issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Sep 17, 2012, 11:51 AM
MSA-12-0050: Potential DOS attack through database activity My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:44 AM
MSA-12-0049: Group restricted activity displayed to all users My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:44 AM
MSA-12-0048: Possible XSS in cohort administration My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:44 AM
MSA-12-0047: SQL injection potential in Feedback module My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:44 AM
MSA-12-0046: Insecure protocol redirection in LDAP authentication My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:43 AM
MSA-12-0045: Injection potential in admin for repositories My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:22 AM
MSA-12-0044: Capability check issue in forum subscriptions My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:20 AM
MSA-12-0043: Early information access issue in forum My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:18 AM
MSA-12-0042: File access issue in blocks My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:18 AM
MSA-12-0041: XSS issue in LTI module My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:14 AM
MSA-12-0040: Capabilities issue through caching My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:13 AM
MSA-12-0039: File upload validation issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jul 17, 2012, 8:11 AM
MSA-12-0038: Calendar event write permission issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:55 PM
MSA-12-0037: Write access issue in Database activity module My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:54 PM
MSA-12-0036: Cross-site scripting vulnerability in category identifier My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:52 PM
MSA-12-0035: Cross-site scripting vulnerability in "download all" My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:50 PM
MSA-12-0034: Potential SQL injection issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:48 PM
MSA-12-0033: Cross-site scripting vulnerability in Blog My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:47 PM
MSA-12-0032: Cross-site scripting vulnerability in Web services My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:45 PM
MSA-12-0031: Cross-site scripting vulnerability in Wiki My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:43 PM
MSA-12-0030: Capability manipulation issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:38 PM
MSA-12-0029: Information editing access issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:36 PM
MSA-12-0028: Insecure authentication issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:34 PM
MSA-12-0027: Question bank capability issues My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:32 PM
MSA-12-0026: Quiz capability issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:30 PM
MSA-12-0025: Personal communication access issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:20 PM
MSA-12-0024: Hidden information access issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, May 21, 2012, 2:19 PM
MSA-12-0023: External enrolment plugin context check issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:57 PM
MSA-12-0022: Security conflict in Web services My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:56 PM
MSA-12-0021: Course information leak through tags My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:54 PM
MSA-12-0020: Forum subscription permission issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:53 PM
MSA-12-0019: Overview report and hidden course issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:51 PM
MSA-12-0018: Course information leak in Gradebook export My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:49 PM
MSA-12-0017: Personal information leak issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:47 PM
MSA-12-0016: Default repository capabilities issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:45 PM
MSA-12-0015: Backup and private files issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:42 PM
MSA-12-0014: Password and Web services issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:41 PM
MSA-12-0013: Database activity export permission issue My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Mar 19, 2012, 1:33 PM
MSA-12-0012: Form validation issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:21 AM
MSA-12-0011: Browser autofill password issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:19 AM
MSA-12-0010: Unauthorised access to session key My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:18 AM
MSA-12-0009: Role access issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:14 AM
MSA-12-0008: Unsynchronised access via tokens My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:12 AM
MSA-12-0007: Email injection prevention My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:11 AM
MSA-12-0006: Additional email address validation My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:09 AM
MSA-12-0005: Encryption enhancement My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:07 AM
MSA-12-0004: Added profile image security My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:05 AM
MSA-12-0003: Added password protection My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:04 AM
MSA-12-0002: Personal information leak My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 10:01 AM
MSA-12-0001: Recaptcha transmission consistency issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Jan 17, 2012, 9:45 AM
MSA-11-0054: Personal information leak My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 4:24 PM
MSA-11-0053: Security and system administration conflict My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 4:23 PM
MSA-11-0052: Potential to exploit developer debugging scripts My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 4:06 PM
MSA-11-0051: Authentication issue with Web services My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 4:04 PM
MSA-11-0050: Backup capability issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 4:01 PM
MSA-11-0049: Network restriction ineffective with MNet My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 3:59 PM
MSA-11-0048: Password loss issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 3:59 PM
MSA-11-0047: Possible injection attack in Calendar My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 3:59 PM
MSA-11-0046: Insecure authentication transmission My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 3:58 PM
MSA-11-0045: Potential to masquerade through MNet My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 3:58 PM
MSA-11-0044: Expired identification information shown in Web services My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 3:57 PM
MSA-11-0043: Possible link redirect in Calendar My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 3:57 PM
MSA-11-0042: Information leak in Wiki My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Dec 6, 2011, 3:57 PM
MSA-11-0040: Potential personal information leak My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Oct 31, 2011, 3:29 PM
MSA-11-0038: Database injection protection strengthened My ugly mug Michael de Raadt 0 Michael de Raadt
Thu, Oct 27, 2011, 11:38 PM
MSA-11-0041: Global search authentication issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:24 PM
MSA-11-0039: Wiki section vulnerability My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:21 PM
MSA-11-0037: Course section editing injection vulnerability My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:17 PM
MSA-11-0036: Messaging refresh vulnerability My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:15 PM
MSA-11-0035: Cookie-less session vulnerability My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:13 PM
MSA-11-0034: Chat module information leak My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:11 PM
MSA-11-0033: Site-hub registration identity issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:09 PM
MSA-11-0032: MNET SSL validation issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:07 PM
MSA-11-0031: Forms API constant issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:06 PM
MSA-11-0030: Box.net repository integration authentication issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 12:03 PM
MSA-11-0029: File visibility issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 11:59 AM
MSA-11-0028: Wiki comments cross site scripting issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 11:56 AM
MSA-11-0027: Wiki pages reference forgery issue My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 11:55 AM
MSA-11-0026: Fields in user upload CSV not being escaped My ugly mug Michael de Raadt 0 Michael de Raadt
Tue, Oct 18, 2011, 11:52 AM
MSA-11-0025: Group names in user upload CSV not being escaped My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Aug 8, 2011, 5:02 PM
MSA-11-0024: Recaptcha images were being authenticated from an older server My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Aug 8, 2011, 5:02 PM
MSA-11-0023: Guests can add comments to front page activities My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Aug 8, 2011, 5:01 PM
MSA-11-0022: Course creators could change filters at course level My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Aug 8, 2011, 5:00 PM
MSA-11-0021: Role assignment web service function not following restrictions My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Aug 8, 2011, 4:59 PM
MSA-11-0020: Continue links in error messages can lead offsite My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Aug 8, 2011, 4:59 PM
MSA-11-0019: Themes writing to files outside Moodle data directory My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Aug 8, 2011, 4:59 PM
MSA-11-0018: Lacking capability controls over cohorts My ugly mug Michael de Raadt 0 Michael de Raadt
Mon, Aug 8, 2011, 4:58 PM
MSA-11-0017: Ability to generate invalid records in the comments table in the database Picture of Helen Foster Helen Foster 0 Helen Foster
Wed, May 18, 2011, 4:09 PM
MSA-11-0016: Ability to fill a database with invalid records through ratings Picture of Helen Foster Helen Foster 0 Helen Foster
Wed, May 18, 2011, 4:05 PM
MSA-11-0015: Cross Site Scripting through URL encoding Picture of Helen Foster Helen Foster 0 Helen Foster
Wed, May 18, 2011, 4:01 PM
MSA-11-0014: Personal details displayed without permission Picture of Helen Foster Helen Foster 0 Helen Foster
Wed, May 18, 2011, 3:57 PM
MSA-11-0013: Group/Quiz permissions issue Picture of Helen Foster Helen Foster 0 Helen Foster
Wed, May 18, 2011, 3:52 PM
MSA-11-0012: Authentication issue Picture of Helen Foster Helen Foster 0 Helen Foster
Wed, May 18, 2011, 3:44 PM
MSA-11-0011: Multiple cross-site scripting problems in media filter Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 11:12 PM
MSA-11-0010: Incorrect default for mod:course/delete capability in teacher role Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 11:10 PM
MSA-11-0009: My profile block may disclose private information if used in user context Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 10:57 PM
MSA-11-0008: IMS enterprise enrolment file may disclose sensitive information Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 10:54 PM
MSA-11-0007: Cross-site scripting vulnerability in course tags Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 10:51 PM
MSA-11-0006: Cross-site request forgery and missing access control in course completion Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 10:35 PM
MSA-11-0005: Cross-site scripting vulnerability in spikephpcoverage Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 10:31 PM
MSA-11-0004: $CFG->forceloginforprofiles setting ignored in course profiles Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 10:31 PM
MSA-11-0003: Cross-site scripting vulnerability in tag autocomplete Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 10:31 PM
MSA-11-0002: Cross-site request forgery vulnerability in RSS block Picture of Helen Foster Helen Foster 0 Helen Foster
Tue, Mar 1, 2011, 10:29 PM
MSA-11-0001: Customised phpMyAdmin upgraded to 2.11.11.3 and 3.3.9.2 Picture of Petr Skoda Petr Skoda 0 Petr Skoda
Mon, Feb 21, 2011, 5:01 PM
MSA-10-0018: Customised phpMyAdmin upgraded to 2.11.11.1 and 3.3.8.1 Picture of Petr Skoda Petr Skoda 0 Petr Skoda
Sat, Dec 18, 2010, 5:01 AM
MSA-10-0017: XSS vulnerability in YUI 2.4.0 through YUI 2.8.1 Picture of Petr Skoda Petr Skoda 0 Petr Skoda
Tue, Oct 26, 2010, 4:30 AM
MSA-10-0016: Multiple phpCAS library vulnerabilities Picture of Helen Foster Helen Foster 0 Helen Foster
Mon, Oct 25, 2010, 7:27 PM
MSA-10-0015: Customised HTML Purifier upgraded to 4.2.0 Helen Foster 0 Helen Foster
Mon, Oct 25, 2010, 7:25 PM
MSA-10-0014: Customised phpMyAdmin upgraded to 2.11.11 Petr Skoda 0 Petr Skoda
Sun, Oct 24, 2010, 7:19 PM
MSA-10-0013: Potential Cross Site Request Forgery vulnerability in Quiz reports Helen Foster 0 Helen Foster
Thu, Jun 17, 2010, 11:39 PM
MSA-10-0012: KSES Security Filter Bypassing vulnerability Helen Foster 0 Helen Foster
Thu, Jun 17, 2010, 11:36 PM
MSA-10-0011: Cross Site Scripting vulnerability in blog/index.php Helen Foster 0 Helen Foster
Thu, Jun 17, 2010, 11:34 PM
MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface Helen Foster 0 Helen Foster
Thu, Jun 17, 2010, 11:28 PM
MSA-10-0009: Session fixation prevention now turned on by default Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 9:29 PM
MSA-10-0008: Persistent XSS when using Login-as feature Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 8:51 PM
MSA-10-0007: Reflective Cross Site Scripting (XSS) in the Moodle Global Search Engine Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 8:47 PM
MSA-10-0006: SQL injection in Wiki module Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 8:45 PM
MSA-10-0005: Incorrect validation of forms data Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 8:42 PM
MSA-10-0004: Improved access control in course restore Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 8:41 PM
MSA-10-0003: Disclosure of full user names Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 8:41 PM
MSA-10-0002: XSS vulnerability in the phpcas module Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 8:33 PM
MSA-10-0001: Vulnerability in KSES text cleaning Petr Skoda 0 Petr Skoda
Wed, Mar 31, 2010, 8:31 PM
MSA-09-0030: New detection of insecure flash player plugins Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 5:36 AM
MSA-09-0031: SQL injection in SCORM module Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 5:01 AM
MSA-09-0029: Multiple password related issues Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 3:44 AM
MSA-09-0028: Multiple backup/restore related issues Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 3:39 AM
MSA-09-0027: Login information can be sent unsecured even when site is configured to use SSL for logins Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 3:32 AM
MSA-09-0026: Invalid application access control in MNET interface Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 3:28 AM
MSA-09-0025: Unneeded MD5 hashes removed from user table Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 3:22 AM
MSA-09-0024: Insufficient access control in glossary Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 3:18 AM
MSA-09-0023: User account disclosure in LAMS module Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 3:15 AM
MSA-09-0022: Multiple CSRF problems fixed Helen Foster 0 Helen Foster
Wed, Dec 2, 2009, 3:11 AM
MSA-09-0021: Error in ADODB OCI8/MSSQL drivers allows SQL injection vulnerability Petr Skoda 0 Petr Skoda
Tue, Nov 3, 2009, 4:09 AM
MSA-09-0020: Teachers can view students' grades in all courses in the overview report Petr Skoda 0 Petr Skoda
Tue, Nov 3, 2009, 3:52 AM
MSA-09-0019: SQL injection in update_record Petr Skoda 0 Petr Skoda
Tue, Nov 3, 2009, 3:50 AM
MSA-09-0018: Incorrect escaping when updating first post in a single simple discussion forum type Petr Skoda 0 Petr Skoda
Tue, Nov 3, 2009, 3:46 AM
MSA-09-0017: Upgrade code in 1.9 does not escape tags properly Petr Skoda 0 Petr Skoda
Tue, Nov 3, 2009, 3:43 AM
MSA-09-0016: Email not properly escaped on user edit page Petr Skoda 0 Petr Skoda
Tue, Nov 3, 2009, 3:41 AM
MSA-09-0015: Customised PhpMyAdmin upgraded to 2.11.9.6 Petr Skoda 0 Petr Skoda
Thu, Oct 15, 2009, 2:12 AM
MSA-09-0014: mimeTeX vulnerabilities Petr Skoda 0 Petr Skoda
Tue, Jul 21, 2009, 5:00 PM
MSA-09-0013: Customised PhpMyAdmin upgraded to 2.11.9.5 Petr Skoda 0 Petr Skoda
Wed, May 20, 2009, 10:28 PM
MSA-09-0012: SQL injections when importing outcomes Petr Skoda 0 Petr Skoda
Wed, May 20, 2009, 7:01 PM
MSA-09-0011: Glossary, database and forum ratings are not verified after submission Petr Skoda 0 Petr Skoda
Wed, May 20, 2009, 7:01 PM
MSA-09-0010: Unzip binary may create symbolic links pointing outside of dataroot on unix/linux servers Petr Skoda 0 Petr Skoda
Wed, May 20, 2009, 6:58 PM
MSA-09-0009: TeX filter file disclosure Petr Skoda 0 Petr Skoda
Mon, Apr 13, 2009, 10:46 PM
Prevent profile spam on your Moodle site Martin Dougiamas Martin Dougiamas 0 Martin Dougiamas
Tue, Feb 10, 2009, 1:32 PM
MSA-09-0008: CSRF vulnerability in forum code Petr Skoda 0 Petr Skoda
Wed, Feb 4, 2009, 6:14 PM
MSA-09-0007: Missing input validation in logs allows potential XSS attacks Petr Skoda 0 Petr Skoda
Wed, Feb 4, 2009, 6:12 PM
MSA-09-0006: Calendar export may allow brute force attacks Petr Skoda 0 Petr Skoda
Wed, Feb 4, 2009, 6:08 PM
MSA-09-0005: Moodle 'spell-check-logic.cgi' Insecure Temporary File Creation Vulnerability Petr Skoda 0 Petr Skoda
Wed, Feb 4, 2009, 6:08 PM
MSA-09-0004: XSS vulnerabilities in HTML blocks if "Login as" used Petr Skoda 0 Petr Skoda
Wed, Feb 4, 2009, 6:08 PM
MSA-09-0003: Vulnerability in Snoopy 1.2.3 Petr Skoda 0 Petr Skoda
Wed, Feb 4, 2009, 6:07 PM
MSA-09-0002: User pix disclosure Petr Skoda 0 Petr Skoda
Wed, Feb 4, 2009, 5:52 PM
MSA-09-0001: No easy way to remove pictures of deleted users Petr Skoda 0 Petr Skoda
Wed, Feb 4, 2009, 5:49 PM
MSA-08-0002: register_globals=on not supported Petr Skoda 1 Petr Skoda
Tue, Dec 30, 2008, 6:55 AM
MSA-08-0028: customised PhpMyAdmin package upgraded to 2.11.9.4 Petr Skoda 0 Petr Skoda
Wed, Dec 10, 2008, 9:00 AM
MSA-08-0027: customised PhpMyAdmin package upgraded to 2.11.9.3 Petr Skoda 0 Petr Skoda
Mon, Nov 3, 2008, 7:30 AM
MSA-08-0026: customised HTML Purifier upgraded to 2.1.5 Petr Skoda 0 Petr Skoda
Mon, Oct 20, 2008, 4:53 AM
MSA-08-0025: SQL injection in tags code Petr Skoda 0 Petr Skoda
Mon, Oct 20, 2008, 4:52 AM
MSA-08-0024: Overriding of frozen values in Moodle forms Petr Skoda 0 Petr Skoda
Mon, Oct 20, 2008, 4:50 AM
MSA-08-0023: CSRF in messaging setting Petr Skoda 0 Petr Skoda
Mon, Oct 20, 2008, 4:48 AM
MSA-08-0022: XSS through Wiki page titles Petr Skoda 0 Petr Skoda
Mon, Oct 20, 2008, 4:46 AM
MSA-08-0021: design deficiency combined with incorrect use of format_string() allowing XSS Petr Skoda 0 Petr Skoda
Mon, Oct 20, 2008, 4:43 AM
MSA-08-0020: quiz/questions capabilities lack some risk flags in access.php files Petr Skoda 0 Petr Skoda
Mon, Oct 20, 2008, 4:40 AM
MSA-08-0019: customised PhpMyAdmin package upgraded to 2.11.9.2 Petr Skoda 0 Petr Skoda
Mon, Oct 20, 2008, 4:37 AM
MSA-08-0008: KSES related issues Petr Skoda 0 Petr Skoda
Tue, Sep 23, 2008, 3:22 AM
MSA-08-0018: customised PhpMyAdmin package upgraded to 2.11.8.1 Petr Skoda 0 Petr Skoda
Tue, Jul 29, 2008, 8:19 PM
MSA-08-0013: CSRF (Cross-site Request Forgery) on Moodle edit profile page Petr Skoda 0 Petr Skoda
Wed, Jul 23, 2008, 12:04 AM
MSA-08-0017: customised PhpMyAdmin upgraded to 2.11.7.1 Petr Skoda 0 Petr Skoda
Wed, Jul 16, 2008, 3:26 PM
MSA-08-0016: Email could be changed in profile without confirmation Petr Skoda 0 Petr Skoda
Wed, Jul 16, 2008, 2:52 PM
MSA-08-0015: accessible profiles of deleted users Petr Skoda 0 Petr Skoda
Wed, Jul 16, 2008, 2:51 PM
MSA-08-0014: potential SQL injection in events handling code Petr Skoda 0 Petr Skoda
Wed, Jul 16, 2008, 2:49 PM
MSA-08-0012: Potential non-persistent XSS when searching for group members (MSSQL and Oracle only) Petr Skoda 0 Petr Skoda
Wed, Jul 16, 2008, 2:48 PM
MSA-08-0011: Potential webroot disclosures warning Petr Skoda 0 Petr Skoda
Wed, Jul 16, 2008, 2:47 PM
MSA-08-0010: SQL injection in HotPot module Petr Skoda 0 Petr Skoda
Wed, Jul 16, 2008, 2:46 PM
MSA-08-0009: Persistent Cross-site Scripting (XSS) on blog entry title parameter Petr Skoda 0 Petr Skoda
Wed, Jul 16, 2008, 2:45 PM
MSA-08-0007: imported phpMyAdmin 2.11.5.1 Petr Skoda 0 Petr Skoda
Mon, Mar 31, 2008, 3:17 PM
MSA-08-0006: Moodle cookie path can not be restricted Petr Skoda 0 Petr Skoda
Sat, Jan 19, 2008, 1:58 AM
MSA-08-0005: Bypassing restriction on multiple file uploads Petr Skoda 0 Petr Skoda
Sat, Jan 19, 2008, 1:33 AM
MSA-08-0001: Access elevation in user edit form Petr Skoda 0 Petr Skoda
Thu, Jan 17, 2008, 9:49 PM
MSA-08-0003: Insufficient access control in Login as feature Petr Skoda 0 Petr Skoda
Thu, Jan 17, 2008, 9:49 PM
MSA-08-0004: XSS in install.php before installation Petr Skoda 0 Petr Skoda
Thu, Jan 17, 2008, 9:49 PM