状态 话题 发起人 最新帖子 回帖 设置
MSA-19-0019: Course creation did not check the creator's role assignment capability before ...
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 1
MSA-08-0002: register_globals=on not supported
Petr Skoda的头像
Petr Skoda
Petr Skoda的头像
Petr Skoda
 1
MSA-26-0011: CSRF and missing capability check in admin/mnet/peers.php
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0010: Upgrade AWS SDK for PHP including security fix (upstream)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0009: CSRF risk in reset penalty rules functionality
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0008: Upgrade PHPUnit version to avoid a security risk (upstream)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0007: Message panel breaks with messages from deleted users (messaging DoS risk)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0006: RCE risk via Moodle's Google Drive repository plugin
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0005: SQL injection risk in external database authentication plugin
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0004: Update Symfony process module version to avoid a security risk (upstream)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0003: Denial of service risk in TeX formula editor
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0002: Remote code execution risk in TeX filter admin setting
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-26-0001: Remote code execution risk via file restore
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0061: User IDs exposed in URLs when using anonymous submissions in assignment
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0060: Badges with a role criterion could be awarded to users who do not hold the role
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0059: Reflected XSS risk in policy tool
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0058: Participants can access forum ratings without permission
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0057: Password brute force risk from confirmation email web service
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0056: Open redirect in OAuth login
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0055: Formula injection risk when exporting data to CSV / Excel
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0054: XSS risk in formula editor
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0053: XSS risk via AI prompt injection
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0052: Authentication via LTI Provider available to suspended users
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0051: Remote code execution risk via file restore
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0050: Possible to bypass timer in timed assignments
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0049: Names of hidden groups are visible to users with access to create group calendar events
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0048: Password brute force risk when mobile/web services enabled
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0047: Possible to bypass MFA
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0046: Router produces JSON instead of 404 error when passed a non-existent course ID
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0045: When using router (r.php) it was possible for the server to show application ...
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0044: External cohort search service method leaks system cohort data
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0043: Quiz notifications sent to suspended course participants
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0042: Upgrade FPDI including security fix (upstream)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0041: Course access permissions are not properly checked in ...
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0040: Capabilities and callback that control access to profiles not working in some web ...
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0039: Feedback activity results did not always respect Separate Groups mode
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0038: Course Logs report did not respect Separate Groups mode
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0037: Unnecessary CSRF token (sesskey) requirement in some LMS BigBlueButton playback ...
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
Important Security Announcement
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0036: IDOR allows fetching of recently accessed courses for other users via web service
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0035: Missing authorisation checks in BigBlueButton view page
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0034: CSRF risk in badges backpack management
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0033: Course visibility not honoured consistently
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0032: SSRF risk via DNS rebind
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0031: Upgrade ADOdb including security fix (upstream)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0030: Password can be revealed in login page after log out due to caching
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0029: XSS risk in MathJax (safe extension not loaded)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0028: IDOR when accessing the cohorts report
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0027: IDOR in messaging web service allows access to some user details
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0026: AJAX section delete does not respect course_can_delete_section()
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0025: Reflected XSS risk in policy tool
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0024: Authenticated remote code execution risk in the Moodle LMS EQUELLA repository
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0023: Authenticated remote code execution risk in the Moodle LMS Dropbox repository
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0022: IDOR in web service allows users enrolled in a course to access some details of ...
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0021: CSRF risk in Brickfield tool's analysis request action
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0020: mod_data edit/delete pages pass CSRF token in GET parameter
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0019: IDOR in RSS block allows access to additional RSS feeds
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0018: CSRF risk in user tours manager allows tour duplication
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0017: Self enrolment available before completing second factor with MFA enabled
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0016: Assignment submissions search on anonymous submissions reveals student identities
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0015: Some user data available before completing second factor with MFA enabled
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0014: User DoS and name disclosure risks via IDOR in MFA email factor revoke action
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0013: Remote code execution risk via MimeTeX command (upstream)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0012: Hidden grades are shown to users without permission on some grade reports
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0011: Unauthenticated REST API user data exposure
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0010: SQL injection risk in course search module list filter
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0009: Teachers can evade trusttext config when restoring glossary entries
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0008: IDOR in badges allows disabling of arbitrary badges
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0007: Upgrade RequireJS including security fix (upstream)
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0006: Reflected XSS via question bank filter
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0005: Stored XSS risk in admin live log
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0004: Stored XSS in ddimageortext question type
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0003: Non-searchable tags can still be discovered on the tag search page and in the tags ...
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0002: Feedback response viewing and deletions did not respect Separate Groups mode
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-25-0001: Arbitrary file read risk through pdfTeX
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0056: Potential denial of service risk due to guest sessions' longer timeout period
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0055: Reflected XSS in question bank filter
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0054: Database activity issue in separate groups mode, for users not in a group
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0053: Email change confirmation token available via preference
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0052: Tag index page displays other users tagged with the selected tag
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0051: Unprotected access to sensitive information via learning plan web service
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0050: IDOR when fetching report schedules
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0049: IDOR when accessing list of badge recipients
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0048: IDOR when accessing list of course badges
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0047: Some users can delete audiences of other reports
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0046: IDOR in edit/delete RSS feed
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0045: Users' names returned in messaging error message
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0044: Lesson activity password bypass through PHP loose comparison
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0043: IDOR when deleting OAuth2 linked accounts
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0042: Unprotected access to sensitive information via dynamic tables
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0041: LFI vulnerability when restoring malformed block backups
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0040: Reflected XSS via H5P error message
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0039: IDOR in Feedback non-respondents report allows messaging arbitrary site users
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0038: XSS risk when restoring malicious course backup file
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0037: Site administration SQL injection via XMLDB editor
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0036: Can create global glossary without being admin
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0035: CSRF risk in Feedback non-respondents report
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0034: Matrix user/power level management not always working as expected with suspended users
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0033: Authorization headers preserved between "emulated redirects"
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0
MSA-24-0032: IDOR in badges allows deletion of arbitrary badges
Michael Hawkins的头像
Michael Hawkins
Michael Hawkins的头像
Michael Hawkins
 0