moodle -- multiple vulnerabilities

2016-11-14T00:00:00
ID F6565FBF-AB9E-11E6-AE1B-002590263BF5
Type freebsd
Reporter FreeBSD
Modified 2016-11-27T00:00:00

Description

Marina Glancy reports:

MSA-16-0023: Question engine allows access to files that should not be available MSA-16-0024: Non-admin site managers may accidentally edit admins via web services MSA-16-0025: Capability to view course notes is checked in the wrong context MSA-16-0026: When debugging is enabled, error exceptions returned from webservices could contain private data