This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Namecpe:/a:mahara:mahara:1.1.0
Detail
VendorMaharaFirst view 2009-03-11
ProductMaharaLast view 2012-07-12
Version1.1.0TypeApplication
Edition 
Language 
Update 
 
CPE Productcpe:/a:mahara:mahara

Activity : Overall

Related : CVE

 DateAlertAccess VectorAccess ComplexityAuthentication
5 2012-07-12 CVE-2012-2351 Network Low None Requ...
6 2011-11-14 CVE-2011-4118 Network Medium Requires ...
6.8 2011-11-14 CVE-2011-2773 Network Medium None Requ...
5 2011-11-14 CVE-2011-2772 Network Low None Requ...
4.3 2011-11-14 CVE-2011-2771 Network Medium None Requ...
Hide | Show 15 More...
 DateAlertAccess VectorAccess ComplexityAuthentication
4.3 2011-05-13 CVE-2011-1406 Network Medium None Requ...
3.5 2011-05-13 CVE-2011-1405 Network Medium Requires ...
4 2011-05-13 CVE-2011-1404 Network Low Requires ...
6.8 2011-05-13 CVE-2011-1403 Network Medium None Requ...
6.5 2011-05-13 CVE-2011-1402 Network Low Requires ...
4.3 2010-11-09 CVE-2010-3871 Network Medium None Requ...
4.3 2010-07-06 CVE-2010-2479 Network Medium None Requ...
7.5 2010-07-06 CVE-2010-1670 Network Low None Requ...
7.5 2010-07-06 CVE-2010-1669 Network Low None Requ...
6.8 2010-07-06 CVE-2010-1668 Network Medium None Requ...
4.3 2010-07-06 CVE-2010-1667 Network Medium None Requ...
4.3 2009-11-03 CVE-2009-3299 Network Medium None Requ...
6.5 2009-11-03 CVE-2009-3298 Network Low Requires ...
4.3 2009-06-23 CVE-2009-2170 Network Medium None Requ...
4.3 2009-03-11 CVE-2009-0660 Network Medium None Requ...

CWE : Common Weakness Enumeration

%idName
40% (8)CWE-79Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (4)CWE-264Permissions, Privileges, and Access Controls
15% (3)CWE-352Cross-Site Request Forgery (CSRF)
10% (2)CWE-16Configuration
5% (1)CWE-287Improper Authentication
Hide | Show 2 More...
%idName
5% (1)CWE-89Improper Sanitization of Special Elements used in an SQL Command ('...
5% (1)CWE-20Improper Input Validation

Oval Markup Language : Definitions

OvalIDName
oval:org.mitre.oval:def:8375DSA-1736 mahara -- insufficient input sanitising
oval:org.mitre.oval:def:13501DSA-1736-1 mahara -- insufficient input sanitising
oval:org.mitre.oval:def:8182DSA-1924 mahara -- several vulnerabilities
oval:org.mitre.oval:def:13448DSA-1924-1 mahara -- several vulnerabilities
oval:org.mitre.oval:def:13104DSA-2067-1 mahara -- several
Hide | Show 4 More...
idName
oval:org.mitre.oval:def:11886DSA-2067 mahara -- several vulnerabilities
oval:org.mitre.oval:def:13046DSA-2246-1 mahara -- several vulnerabilities
oval:org.mitre.oval:def:15228DSA-2334-1 mahara -- several
oval:org.mitre.oval:def:18492DSA-2467-1 mahara - insecure defaults

Open Source Vulnerability Database (OSVDB)

idDescription
77207Mahara MNet XMLRPC Jump Remote Privilege Escalation
76919Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF
76918Mahara Overly Large Image Handling Remote DoS
76917Mahara External Feed Block Unspecified XSS
73458Mahara wwwroot https URL Parsing Credential Disclosure
Hide | Show 15 More...
idDescription
73457Mahara HTML Email Message XSS
73456Mahara Multiple Script AJAX Call Parsing Information Disclosure
73455Mahara Admin User Addition CSRF
73454Mahara Multiple Script Access Restriction Bypass
69111Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS
66062Mahara Single Sign-on Authentication Plugin Null Password Authentication Bypass
66061Mahara Unspecified SQL Injection
66060Mahara Multiple Unspecified CSRF
66059Mahara Multiple Unspecified XSS
64113HTML Purifier Unspecified XSS
59584Mahara Site Admin Password Reset Remote Privilege Escalation
59583Mahara Resume Blocktype XSS
55276Mahara Unspecified XSS
52843Mahara Blog Functionality Unspecified XSS
52842Mahara Profile Functionality Unspecified XSS

OpenVAS Exploits

idDescription
2012-05-31Name : Debian Security Advisory DSA 2467-1 (mahara)
File : nvt/deb_2467_1.nasl
2012-02-11Name : Debian Security Advisory DSA 2334-1 (mahara)
File : nvt/deb_2334_1.nasl
2011-08-03Name : Debian Security Advisory DSA 2246-1 (mahara)
File : nvt/deb_2246_1.nasl
2011-05-23Name : Mahara Multiple Remote Vulnerabilities
File : nvt/gb_mahara_mult_vuln.nasl
2010-12-02Name : Fedora Update for moodle FEDORA-2010-13396
File : nvt/gb_fedora_2010_13396_moodle_fc14.nasl
Hide | Show 10 More...
idDescription
2010-11-09Name : Mahara 'groupviews.tpl' Cross Site Scripting Vulnerability
File : nvt/gb_mahara_44705.nasl
2010-08-24Name : Fedora Update for moodle FEDORA-2010-13250
File : nvt/gb_fedora_2010_13250_moodle_fc13.nasl
2010-08-24Name : Fedora Update for moodle FEDORA-2010-13254
File : nvt/gb_fedora_2010_13254_moodle_fc12.nasl
2010-07-05Name : Mahara Multiple Remote Vulnerabilities
File : nvt/gb_mahara_41319.nasl
2009-11-11Name : Debian Security Advisory DSA 1924-1 (mahara)
File : nvt/deb_1924_1.nasl
2009-11-04Name : Mahara Multiple vulnerabilities
File : nvt/mahara_multiple_vuln.nasl
2009-06-26Name : Mahara Cross-Site Scripting Vulnerability
File : nvt/secpod_mahara_xss_vuln.nasl
2009-03-20Name : Debian Security Advisory DSA 1736-1 (mahara)
File : nvt/deb_1736_1.nasl
2009-03-13Name : Ubuntu USN-731-1 (apache2)
File : nvt/ubuntu_731_1.nasl
2009-03-13Name : Ubuntu USN-732-1 (dash)
File : nvt/ubuntu_732_1.nasl

Nessus® Vulnerability Scanner

idDescription
2012-05-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2467.nasl - Type : ACT_GATHER_INFO
2011-11-07Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2334.nasl - Type : ACT_GATHER_INFO
2011-06-10Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2246.nasl - Type : ACT_GATHER_INFO
2010-08-24Name : The remote Fedora host is missing a security update.
File : fedora_2010-13396.nasl - Type : ACT_GATHER_INFO
2010-08-23Name : The remote Fedora host is missing a security update.
File : fedora_2010-13250.nasl - Type : ACT_GATHER_INFO
Hide | Show 5 More...
idDescription
2010-08-23Name : The remote Fedora host is missing a security update.
File : fedora_2010-13254.nasl - Type : ACT_GATHER_INFO
2010-07-05Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2067.nasl - Type : ACT_GATHER_INFO
2010-02-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1924.nasl - Type : ACT_GATHER_INFO
2009-06-24Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1822.nasl - Type : ACT_GATHER_INFO
2009-03-11Name : The remote Debian host is missing a security-related update.
File : debian_DSA-1736.nasl - Type : ACT_GATHER_INFO