This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
Summary | |
---|---|
CPE Name | cpe:/a:mahara:mahara:1.1.0 |
Detail | |||
---|---|---|---|
Vendor | Mahara | First view | 2009-03-11 |
Product | Mahara | Last view | 2014-05-19 |
Version | 1.1.0 | Type | Application |
Edition | |||
Language | |||
Update | |||
CPE Product | cpe:/a:mahara:mahara |
Activity : Overall
Related : CVE
CVSS | Date | Alert | Access Vector | Access Complexity | Authentication | |
---|---|---|---|---|---|---|
4 | 2014-05-19 | CVE-2013-4432 | Network | Low | Requires ... | |
5.5 | 2014-05-19 | CVE-2013-4431 | Network | Low | Requires ... | |
4.3 | 2014-05-19 | CVE-2013-4430 | Network | Medium | None Requ... | |
4 | 2014-05-19 | CVE-2013-4429 | Network | Low | Requires ... | |
5 | 2012-07-12 | CVE-2012-2351 | Network | Low | None Requ... | |
6 | 2011-11-14 | CVE-2011-4118 | Network | Medium | Requires ... | |
6.8 | 2011-11-14 | CVE-2011-2773 | Network | Medium | None Requ... | |
5 | 2011-11-14 | CVE-2011-2772 | Network | Low | None Requ... | |
4.3 | 2011-11-14 | CVE-2011-2771 | Network | Medium | None Requ... | |
4.3 | 2011-05-13 | CVE-2011-1406 | Network | Medium | None Requ... | |
3.5 | 2011-05-13 | CVE-2011-1405 | Network | Medium | Requires ... | |
4 | 2011-05-13 | CVE-2011-1404 | Network | Low | Requires ... | |
6.8 | 2011-05-13 | CVE-2011-1403 | Network | Medium | None Requ... | |
6.5 | 2011-05-13 | CVE-2011-1402 | Network | Low | Requires ... | |
4.3 | 2010-11-09 | CVE-2010-3871 | Network | Medium | None Requ... | |
4.3 | 2010-07-06 | CVE-2010-2479 | Network | Medium | None Requ... | |
7.5 | 2010-07-06 | CVE-2010-1670 | Network | Low | None Requ... | |
7.5 | 2010-07-06 | CVE-2010-1669 | Network | Low | None Requ... | |
6.8 | 2010-07-06 | CVE-2010-1668 | Network | Medium | None Requ... | |
4.3 | 2010-07-06 | CVE-2010-1667 | Network | Medium | None Requ... | |
4.3 | 2009-11-03 | CVE-2009-3299 | Network | Medium | None Requ... | |
6.5 | 2009-11-03 | CVE-2009-3298 | Network | Low | Requires ... | |
4.3 | 2009-06-23 | CVE-2009-2170 | Network | Medium | None Requ... | |
4.3 | 2009-03-11 | CVE-2009-0660 | Network | Medium | None Requ... |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
34% (9) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
26% (7) | CWE-264 | Permissions, Privileges, and Access Controls |
11% (3) | CWE-352 | Cross-Site Request Forgery (CSRF) |
7% (2) | CWE-287 | Improper Authentication |
7% (2) | CWE-16 | Configuration |
3% (1) | CWE-284 | Access Control (Authorization) Issues |
3% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
3% (1) | CWE-20 | Improper Input Validation |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:8375 | DSA-1736 mahara -- insufficient input sanitising |
oval:org.mitre.oval:def:13501 | DSA-1736-1 mahara -- insufficient input sanitising |
oval:org.mitre.oval:def:13104 | DSA-2067-1 mahara -- several |
oval:org.mitre.oval:def:11886 | DSA-2067 mahara -- several vulnerabilities |
oval:org.mitre.oval:def:13046 | DSA-2246-1 mahara -- several vulnerabilities |
oval:org.mitre.oval:def:15228 | DSA-2334-1 mahara -- several |
oval:org.mitre.oval:def:8182 | DSA-1924 mahara -- several vulnerabilities |
oval:org.mitre.oval:def:13448 | DSA-1924-1 mahara -- several vulnerabilities |
oval:org.mitre.oval:def:18492 | DSA-2467-1 mahara - insecure defaults |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
77207 | Mahara MNet XMLRPC Jump Remote Privilege Escalation |
76919 | Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF |
76918 | Mahara Overly Large Image Handling Remote DoS |
76917 | Mahara External Feed Block Unspecified XSS |
73458 | Mahara wwwroot https URL Parsing Credential Disclosure |
73457 | Mahara HTML Email Message XSS |
73456 | Mahara Multiple Script AJAX Call Parsing Information Disclosure |
73455 | Mahara Admin User Addition CSRF |
73454 | Mahara Multiple Script Access Restriction Bypass |
69111 | Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS |
66062 | Mahara Single Sign-on Authentication Plugin Null Password Authentication Bypass |
66061 | Mahara Unspecified SQL Injection |
66060 | Mahara Multiple Unspecified CSRF |
66059 | Mahara Multiple Unspecified XSS |
64113 | HTML Purifier Unspecified XSS |
59584 | Mahara Site Admin Password Reset Remote Privilege Escalation |
59583 | Mahara Resume Blocktype XSS |
55276 | Mahara Unspecified XSS |
52843 | Mahara Blog Functionality Unspecified XSS |
52842 | Mahara Profile Functionality Unspecified XSS |
OpenVAS Exploits
Date | Description |
---|---|
2012-05-31 | Name : Debian Security Advisory DSA 2467-1 (mahara) File : nvt/deb_2467_1.nasl |
2012-02-11 | Name : Debian Security Advisory DSA 2334-1 (mahara) File : nvt/deb_2334_1.nasl |
2011-08-03 | Name : Debian Security Advisory DSA 2246-1 (mahara) File : nvt/deb_2246_1.nasl |
2011-05-23 | Name : Mahara Multiple Remote Vulnerabilities File : nvt/gb_mahara_mult_vuln.nasl |
2010-12-02 | Name : Fedora Update for moodle FEDORA-2010-13396 File : nvt/gb_fedora_2010_13396_moodle_fc14.nasl |
2010-11-09 | Name : Mahara 'groupviews.tpl' Cross Site Scripting Vulnerability File : nvt/gb_mahara_44705.nasl |
2010-08-24 | Name : Fedora Update for moodle FEDORA-2010-13250 File : nvt/gb_fedora_2010_13250_moodle_fc13.nasl |
2010-08-24 | Name : Fedora Update for moodle FEDORA-2010-13254 File : nvt/gb_fedora_2010_13254_moodle_fc12.nasl |
2010-07-05 | Name : Mahara Multiple Remote Vulnerabilities File : nvt/gb_mahara_41319.nasl |
2009-11-11 | Name : Debian Security Advisory DSA 1924-1 (mahara) File : nvt/deb_1924_1.nasl |
2009-11-04 | Name : Mahara Multiple vulnerabilities File : nvt/mahara_multiple_vuln.nasl |
2009-06-26 | Name : Mahara Cross-Site Scripting Vulnerability File : nvt/secpod_mahara_xss_vuln.nasl |
2009-03-20 | Name : Debian Security Advisory DSA 1736-1 (mahara) File : nvt/deb_1736_1.nasl |
2009-03-13 | Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl |
2009-03-13 | Name : Ubuntu USN-732-1 (dash) File : nvt/ubuntu_732_1.nasl |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-05-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2467.nasl - Type : ACT_GATHER_INFO |
2011-11-07 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2334.nasl - Type : ACT_GATHER_INFO |
2011-06-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2246.nasl - Type : ACT_GATHER_INFO |
2010-08-24 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13396.nasl - Type : ACT_GATHER_INFO |
2010-08-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13250.nasl - Type : ACT_GATHER_INFO |
2010-08-23 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13254.nasl - Type : ACT_GATHER_INFO |
2010-07-05 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2067.nasl - Type : ACT_GATHER_INFO |
2010-02-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1924.nasl - Type : ACT_GATHER_INFO |
2009-06-24 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1822.nasl - Type : ACT_GATHER_INFO |
2009-03-11 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1736.nasl - Type : ACT_GATHER_INFO |