This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


CPE Namecpe:/a:mahara:mahara:1.1
VendorMaharaFirst view 2009-06-23
ProductMaharaLast view 2012-07-12
CPE Productcpe:/a:mahara:mahara

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
5 2012-07-12 CVE-2012-2351 Network Low None Requ...
6 2011-11-14 CVE-2011-4118 Network Medium Requires ...
6.8 2011-11-14 CVE-2011-2773 Network Medium None Requ...
5 2011-11-14 CVE-2011-2772 Network Low None Requ...
4.3 2011-11-14 CVE-2011-2771 Network Medium None Requ...
Hide | Show 8 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
4.3 2011-05-13 CVE-2011-1406 Network Medium None Requ...
3.5 2011-05-13 CVE-2011-1405 Network Medium Requires ...
4 2011-05-13 CVE-2011-1404 Network Low Requires ...
6.8 2011-05-13 CVE-2011-1403 Network Medium None Requ...
6.5 2011-05-13 CVE-2011-1402 Network Low Requires ...
4.3 2010-11-09 CVE-2010-3871 Network Medium None Requ...
4 2009-06-23 CVE-2009-2171 Network Low Requires ...
4.3 2009-06-23 CVE-2009-2170 Network Medium None Requ...

CWE : Common Weakness Enumeration

30% (4)CWE-264Permissions, Privileges, and Access Controls
30% (4)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
15% (2)CWE-352Cross-Site Request Forgery (CSRF)
15% (2)CWE-16Configuration
7% (1)CWE-20Improper Input Validation

Oval Markup Language : Definitions

oval:org.mitre.oval:def:13046DSA-2246-1 mahara -- several vulnerabilities
oval:org.mitre.oval:def:15228DSA-2334-1 mahara -- several
oval:org.mitre.oval:def:18492DSA-2467-1 mahara - insecure defaults

Open Source Vulnerability Database (OSVDB)

77207Mahara MNet XMLRPC Jump Remote Privilege Escalation
76919Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF
76918Mahara Overly Large Image Handling Remote DoS
76917Mahara External Feed Block Unspecified XSS
73458Mahara wwwroot https URL Parsing Credential Disclosure
Hide | Show 7 More...
73457Mahara HTML Email Message XSS
73456Mahara Multiple Script AJAX Call Parsing Information Disclosure
73455Mahara Admin User Addition CSRF
73454Mahara Multiple Script Access Restriction Bypass
69111Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS
55277Mahara Artefact Permission Weakness Restriction Bypass
55276Mahara Unspecified XSS

OpenVAS Exploits

2012-05-31Name : Debian Security Advisory DSA 2467-1 (mahara)
File : nvt/deb_2467_1.nasl
2012-02-11Name : Debian Security Advisory DSA 2334-1 (mahara)
File : nvt/deb_2334_1.nasl
2011-08-03Name : Debian Security Advisory DSA 2246-1 (mahara)
File : nvt/deb_2246_1.nasl
2011-05-23Name : Mahara Multiple Remote Vulnerabilities
File : nvt/gb_mahara_mult_vuln.nasl
2010-11-09Name : Mahara 'groupviews.tpl' Cross Site Scripting Vulnerability
File : nvt/gb_mahara_44705.nasl
Hide | Show 2 More...
2009-06-26Name : Mahara Information Disclosure Vulnerability
File : nvt/secpod_mahara_info_disc_vuln.nasl
2009-06-26Name : Mahara Cross-Site Scripting Vulnerability
File : nvt/secpod_mahara_xss_vuln.nasl

Nessus® Vulnerability Scanner

2012-05-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2467.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2334.nasl - Type : ACT_GATHER_INFO
2011-06-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2246.nasl - Type : ACT_GATHER_INFO
2009-06-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1822.nasl - Type : ACT_GATHER_INFO