吉祥寺北口システムが気になった記事をクリップしています。タイトルから元記事にリンクしています。タグは記事タイトルを形態素分析しています。たまにコメントをつけています。
MSA-
Moodle.org: MSA-24-0026: Remote code execution via calculated question types | Moodle.org
0026
(1)
24
(462)
Calculated
(4)
Code
(400)
execution
(116)
Moodle
(29)
MSA-
(21)
org
(402)
question
(5)
Remote
(203)
Types
(19)
via
(72)
Moodle.org: MSA-20-0004: Admin PHP unit webrunner tool requires additional input escaping
0004
(3)
20
(898)
Additional
(21)
Admin
(30)
escaping
(2)
input
(13)
Moodle
(29)
MSA-
(21)
org
(402)
PHP
(175)
Requires
(5)
tool
(105)
Unit
(32)
webrunner
(1)
Moodle.org: MSA-20-0003: IP addresses can be spoofed using X-Forwarded-For
0003
(3)
20
(898)
Addresses
(18)
BE
(151)
can
(241)
IP
(348)
Moodle
(29)
MSA-
(21)
org
(402)
spoofed
(3)
using
(213)
X-Forwarded-For
(1)
Moodle.org: MSA-20-0002: Grade history report does not respect Separate groups mode in the course settings
0002
(3)
20
(898)
Course
(9)
Does
(28)
GRADE
(10)
Groups
(31)
History
(55)
in
(2447)
Mode
(77)
Moodle
(29)
MSA-
(21)
Not
(117)
org
(402)
Report
(334)
respect
(5)
Separate
(3)
settings
(15)
the
(4365)
Moodle.org: MSA-19-0003: User full name is not escaped in the un-linked userpix page
0003
(3)
19
(777)
escaped
(1)
Full
(53)
in
(2447)
is
(1010)
Moodle
(29)
MSA-
(21)
Name
(46)
Not
(117)
org
(402)
Page
(64)
the
(4365)
un-linked
(1)
user
(133)
userpix
(1)
Moodle.org: MSA-19-0002: Blind SSRF Risk in /badges/mybackpack.php
0002
(3)
19
(777)
badges
(2)
Blind
(7)
in
(2447)
Moodle
(29)
MSA-
(21)
mybackpack
(1)
org
(402)
PHP
(175)
Risk
(79)
SSRF
(9)
Moodle.org: MSA-19-0001: Manage groups capability is missing XSS risk flag
0001
(3)
19
(777)
Capability
(8)
Flag
(9)
Groups
(31)
is
(1010)
manage
(25)
Missing
(11)
Moodle
(29)
MSA-
(21)
org
(402)
Risk
(79)
XSS
(55)
Moodle.org: MSA-18-0020: Login CSRF vulnerability in login form
0020
(1)
18
(403)
CSRF
(15)
Form
(47)
in
(2447)
login
(20)
Moodle
(29)
MSA-
(21)
org
(402)
Vulnerability
(515)
Moodle.org: MSA-18-0012: Portfolio script allows instantiation of class chosen by user
0012
(5)
18
(403)
allows
(25)
by
(1069)
chosen
(3)
Class
(40)
instantiation
(1)
Moodle
(29)
MSA-
(21)
of
(3341)
org
(402)
Portfolio
(15)
Script
(12)
user
(133)
Moodle.org: MSA-18-0007: Calculated question type allows remote code execution by Question authors
0007
(2)
18
(403)
allows
(25)
Authors
(2)
by
(1069)
Calculated
(4)
Code
(400)
execution
(116)
Moodle
(29)
MSA-
(21)
org
(402)
question
(5)
Remote
(203)
Type
(149)
Moodle.org: MSA-18-0006: Suspended users with OAuth 2 authentication method can still log in to the site
0006
(3)
18
(403)
authentication
(69)
can
(241)
in
(2447)
log
(103)
method
(18)
Moodle
(29)
MSA-
(21)
OAuth
(21)
org
(402)
site
(432)
Still
(32)
Suspended
(5)
the
(4365)
to
(3295)
Users
(195)
with
(1607)
Moodle.org: MSA-18-0005: Unauthenticated users can trigger custom messages to admin via paypal enrol script
0005
(1)
18
(403)
Admin
(30)
can
(241)
custom
(64)
enrol
(1)
Messages
(28)
Moodle
(29)
MSA-
(21)
org
(402)
PayPal
(72)
Script
(12)
to
(3295)
trigger
(9)
Unauthenticated
(13)
Users
(195)
via
(72)
Moodle.org: MSA-16-0022: Web service tokens should be invalidated when the user password is changed or forced to be changed
BE
(151)
changed
(6)
forced
(3)
invalidated
(1)
is
(1010)
Moodle
(29)
MSA-
(21)
or
(98)
org
(402)
password
(107)
Service
(812)
should
(24)
the
(4365)
to
(3295)
tokens
(12)
user
(133)
Web
(9079)
when
(84)
Moodle.org: MSA-16-0002: XSS Vulnerability in course management search
Course
(9)
in
(2447)
Management
(229)
Moodle
(29)
MSA-
(21)
org
(402)
Search
(289)
Vulnerability
(515)
XSS
(55)
Moodle.org: MSA-16-0001: Two enrolment-related web services don’t check course visibility
Check
(111)
Course
(9)
Don't
(21)
enrolment-related
(1)
Moodle
(29)
MSA-
(21)
org
(402)
Services
(6355)
Two
(113)
Visibility
(14)
Web
(9079)
Moodle.org: MSA-15-0010: Personal contacts and number of unread messages can be revealed
and
(3289)
BE
(151)
can
(241)
Contacts
(8)
Messages
(28)
Moodle
(29)
MSA-
(21)
number
(20)
of
(3341)
org
(402)
Personal
(52)
revealed
(11)
unread
(1)
Moodle.org: MSA-15-0017: XSS in quiz statistics report
in
(2447)
Moodle
(29)
MSA-
(21)
org
(402)
quiz
(8)
Report
(334)
statistics
(15)
XSS
(55)
Moodle.org: MSA-15-0009: Directory Traversal Attack possible through some files serving JS
Attack
(173)
Directory
(82)
files
(67)
js
(227)
Moodle
(29)
MSA-
(21)
org
(402)
possible
(27)
Serving
(12)
some
(41)
through
(95)
traversal
(8)
Moodle.org: MSA-14-0035: Headers not added to some AJAX scripts
added
(15)
Ajax
(6)
Headers
(8)
Moodle
(29)
MSA-
(21)
Not
(117)
org
(402)
scripts
(9)
some
(41)
to
(3295)
Moodle.org: MSA-14-0034: Identity information revealed early in Q&A forum
early
(44)
Forum
(35)
Identity
(71)
in
(2447)
INFORMATION
(226)
Moodle
(29)
MSA-
(21)
org
(402)
revealed
(11)
Moodle.org: MSA-14-0033: URL parameter injection in CAS authentication
authentication
(69)
CAS
(10)
in
(2447)
Injection
(59)
Moodle
(29)
MSA-
(21)
org
(402)
parameter
(8)
URL
(188)