MSA-15-0037 Possible to send a message to a user who blocked
messages from non contacts
MSA-15-0038 DDoS possibility in Atto
MSA-15-0039 CSRF in site registration form
MSA-15-0040 Student XSS in survey
MSA-15-0041 XSS in flash video player
MSA-15-0042 CSRF in lesson login form
MSA-15-0043 Web service core_enrol_get_enrolled_users does not
respect course group mode
MSA-15-0044 Capability to view available badges is not
respected
MSA-15-0045 SCORM module allows to bypass access restrictions based
on date
MSA-15-0046 Choice module closing date can be bypassed