In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
Monthly Archives: January 2017
CVE-2017-2578 (moodle)
In Moodle 3.x, there is XSS in the assignment submission page.
CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
CVE-2017-2576 (moodle)
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
CVE-2016-8642
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
CVE-2016-10143 (tikiwiki_cms/groupware)
A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.
CVE-2017-5542 (symphony_cms)
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
CVE-2016-5012 (moodle)
In Moodle 3.x, glossary search displays entries without checking user permissions to view them.
CVE-2016-8643
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
Billion-Dollar Hacker Gang Now Using Google Services to Control Its Banking Malware
Carbanak – One of the most successful cybercriminal gangs ever that’s known for the theft of one billion dollars from over 100 banks across 30 countries back in 2015 – is back with a BANG!
The Carbanak cyber gang has been found abusing various Google services to issue command and control (C&C) communications for monitoring and controlling the machines of unsuspecting malware victims.
