Threat Encyclopedia

Browse the Fortiguard Labs extensive encyclopedia of threats. Click any title to view more details of the threat. Can't find what you are looking for? Try using the search bar above to find a specific threat description.

This update fixes the vulnerabilities existed in Safari, WebKit, WebKit Web Inspector etc.

May 26, 2017
This update fixes the vulnerabilities existed in 802.1X,Accessibility Framework,CoreAnimation,CoreAudio,DiskArbitration,HFS,iBooks,iBooks,iBooks,Intel...

May 26, 2017
It was possible for authenticated users to toggle the visibility of other users' badges.

May 26, 2017
Users were able to access a daemon-mode Chat activity without the required capability.

May 26, 2017
It was possible to start a Feedback activity while it was supposed to be closed.

May 26, 2017
There were missing access checks on Wiki pages allowing students to see pages of other students' individual wikis.

May 26, 2017
The file system repository was allowing access to files beyond the Moodle file area.

May 26, 2017
Improve security when following external links that were added with _blank target

May 26, 2017
Some student details were included in assignment marking pages and would have been revealed to screen readers or through code...

May 26, 2017
It was possible to determine answers from ID values in Lesson activity matching questions.

May 26, 2017
If the site-wide rules exist in the event monitor tool, any user can subscribe themselves to them and potentially access information...

May 26, 2017
Theoretically possible to extract files anywhere on the system where the web server has write access. Although it is quite difficult...

May 26, 2017
It is possible to create HTML injection through blocks with configurable titles, however this could only be exploited by users...

May 26, 2017
CSRF possible on admin page, however exploit unlikely benefit anybody and can easily be reversed

May 26, 2017
Two files in the LTI module lacked a session key check potentially allowing cross-site request forgery.

May 26, 2017
Set tracking script in the Forum module lacked a session key check potentially allowing cross-site request forgery.

May 26, 2017
Password-protected lesson modules are subject to CSRF vulnerability

May 26, 2017
The link changing user preference of how many courses to see in their course overview block was not protected against CSRF. This...

May 26, 2017
CSRF possible in the URL that marks forum posts as read

May 26, 2017
Attacker can send admin a link to site registration form that will display correct URL but, if submitted, will register with another...

May 26, 2017