Mahara Mahara 1.1.0

This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Summuary
CPE Name	cpe:/a:mahara:mahara:1.1.0

Detail
Vendor	Mahara	First view	2009-03-11
Product	Mahara	Last view	2014-05-19
Version	1.1.0	Type	Application
Edition
Language
Update

CPE Product	cpe:/a:mahara:mahara

Activity : Overall

Related : CVE

	Date	Alert	Access Vector	Access Complexity	Authentication
4	2014-05-19	CVE-2013-4432	Network	Low	Requires ...
5.5	2014-05-19	CVE-2013-4431	Network	Low	Requires ...
4.3	2014-05-19	CVE-2013-4430	Network	Medium	None Requ...
4	2014-05-19	CVE-2013-4429	Network	Low	Requires ...
5	2012-07-12	CVE-2012-2351	Network	Low	None Requ...
Hide \| Show 19 More...

	Date	Alert	Access Vector	Access Complexity	Authentication
6	2011-11-14	CVE-2011-4118	Network	Medium	Requires ...
6.8	2011-11-14	CVE-2011-2773	Network	Medium	None Requ...
5	2011-11-14	CVE-2011-2772	Network	Low	None Requ...
4.3	2011-11-14	CVE-2011-2771	Network	Medium	None Requ...
4.3	2011-05-13	CVE-2011-1406	Network	Medium	None Requ...
3.5	2011-05-13	CVE-2011-1405	Network	Medium	Requires ...
4	2011-05-13	CVE-2011-1404	Network	Low	Requires ...
6.8	2011-05-13	CVE-2011-1403	Network	Medium	None Requ...
6.5	2011-05-13	CVE-2011-1402	Network	Low	Requires ...
4.3	2010-11-09	CVE-2010-3871	Network	Medium	None Requ...
4.3	2010-07-06	CVE-2010-2479	Network	Medium	None Requ...
7.5	2010-07-06	CVE-2010-1670	Network	Low	None Requ...
7.5	2010-07-06	CVE-2010-1669	Network	Low	None Requ...
6.8	2010-07-06	CVE-2010-1668	Network	Medium	None Requ...
4.3	2010-07-06	CVE-2010-1667	Network	Medium	None Requ...
4.3	2009-11-03	CVE-2009-3299	Network	Medium	None Requ...
6.5	2009-11-03	CVE-2009-3298	Network	Low	Requires ...
4.3	2009-06-23	CVE-2009-2170	Network	Medium	None Requ...
4.3	2009-03-11	CVE-2009-0660	Network	Medium	None Requ...

CWE : Common Weakness Enumeration

%	id	Name
34% (9)	CWE-79	Failure to Preserve Web Page Structure ('Cross-site Scripting')
26% (7)	CWE-264	Permissions, Privileges, and Access Controls
11% (3)	CWE-352	Cross-Site Request Forgery (CSRF)
7% (2)	CWE-287	Improper Authentication
7% (2)	CWE-16	Configuration
Hide \| Show 3 More...

%	id	Name
3% (1)	CWE-284	Access Control (Authorization) Issues
3% (1)	CWE-89	Improper Sanitization of Special Elements used in an SQL Command ('...
3% (1)	CWE-20	Improper Input Validation

Oval Markup Language : Definitions

OvalID	Name
oval:org.mitre.oval:def:8375	DSA-1736 mahara -- insufficient input sanitising
oval:org.mitre.oval:def:13501	DSA-1736-1 mahara -- insufficient input sanitising
oval:org.mitre.oval:def:13104	DSA-2067-1 mahara -- several
oval:org.mitre.oval:def:11886	DSA-2067 mahara -- several vulnerabilities
oval:org.mitre.oval:def:13046	DSA-2246-1 mahara -- several vulnerabilities
Hide \| Show 4 More...

id	Name
oval:org.mitre.oval:def:15228	DSA-2334-1 mahara -- several
oval:org.mitre.oval:def:8182	DSA-1924 mahara -- several vulnerabilities
oval:org.mitre.oval:def:13448	DSA-1924-1 mahara -- several vulnerabilities
oval:org.mitre.oval:def:18492	DSA-2467-1 mahara - insecure defaults

Open Source Vulnerability Database (OSVDB)

id	Description
77207	Mahara MNet XMLRPC Jump Remote Privilege Escalation
76919	Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF
76918	Mahara Overly Large Image Handling Remote DoS
76917	Mahara External Feed Block Unspecified XSS
73458	Mahara wwwroot https URL Parsing Credential Disclosure
Hide \| Show 15 More...

id	Description
73457	Mahara HTML Email Message XSS
73456	Mahara Multiple Script AJAX Call Parsing Information Disclosure
73455	Mahara Admin User Addition CSRF
73454	Mahara Multiple Script Access Restriction Bypass
69111	Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS
66062	Mahara Single Sign-on Authentication Plugin Null Password Authentication Bypass
66061	Mahara Unspecified SQL Injection
66060	Mahara Multiple Unspecified CSRF
66059	Mahara Multiple Unspecified XSS
64113	HTML Purifier Unspecified XSS
59584	Mahara Site Admin Password Reset Remote Privilege Escalation
59583	Mahara Resume Blocktype XSS
55276	Mahara Unspecified XSS
52843	Mahara Blog Functionality Unspecified XSS
52842	Mahara Profile Functionality Unspecified XSS

OpenVAS Exploits

id	Description
2012-05-31	Name : Debian Security Advisory DSA 2467-1 (mahara) File : nvt/deb_2467_1.nasl
2012-02-11	Name : Debian Security Advisory DSA 2334-1 (mahara) File : nvt/deb_2334_1.nasl
2011-08-03	Name : Debian Security Advisory DSA 2246-1 (mahara) File : nvt/deb_2246_1.nasl
2011-05-23	Name : Mahara Multiple Remote Vulnerabilities File : nvt/gb_mahara_mult_vuln.nasl
2010-12-02	Name : Fedora Update for moodle FEDORA-2010-13396 File : nvt/gb_fedora_2010_13396_moodle_fc14.nasl
Hide \| Show 10 More...

id	Description
2010-11-09	Name : Mahara 'groupviews.tpl' Cross Site Scripting Vulnerability File : nvt/gb_mahara_44705.nasl
2010-08-24	Name : Fedora Update for moodle FEDORA-2010-13250 File : nvt/gb_fedora_2010_13250_moodle_fc13.nasl
2010-08-24	Name : Fedora Update for moodle FEDORA-2010-13254 File : nvt/gb_fedora_2010_13254_moodle_fc12.nasl
2010-07-05	Name : Mahara Multiple Remote Vulnerabilities File : nvt/gb_mahara_41319.nasl
2009-11-11	Name : Debian Security Advisory DSA 1924-1 (mahara) File : nvt/deb_1924_1.nasl
2009-11-04	Name : Mahara Multiple vulnerabilities File : nvt/mahara_multiple_vuln.nasl
2009-06-26	Name : Mahara Cross-Site Scripting Vulnerability File : nvt/secpod_mahara_xss_vuln.nasl
2009-03-20	Name : Debian Security Advisory DSA 1736-1 (mahara) File : nvt/deb_1736_1.nasl
2009-03-13	Name : Ubuntu USN-731-1 (apache2) File : nvt/ubuntu_731_1.nasl
2009-03-13	Name : Ubuntu USN-732-1 (dash) File : nvt/ubuntu_732_1.nasl

Nessus® Vulnerability Scanner

id	Description
2012-05-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2467.nasl - Type : ACT_GATHER_INFO
2011-11-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2334.nasl - Type : ACT_GATHER_INFO
2011-06-10	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2246.nasl - Type : ACT_GATHER_INFO
2010-08-24	Name : The remote Fedora host is missing a security update. File : fedora_2010-13396.nasl - Type : ACT_GATHER_INFO
2010-08-23	Name : The remote Fedora host is missing a security update. File : fedora_2010-13250.nasl - Type : ACT_GATHER_INFO
Hide \| Show 5 More...

id	Description
2010-08-23	Name : The remote Fedora host is missing a security update. File : fedora_2010-13254.nasl - Type : ACT_GATHER_INFO
2010-07-05	Name : The remote Debian host is missing a security-related update. File : debian_DSA-2067.nasl - Type : ACT_GATHER_INFO
2010-02-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1924.nasl - Type : ACT_GATHER_INFO
2009-06-24	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1822.nasl - Type : ACT_GATHER_INFO
2009-03-11	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1736.nasl - Type : ACT_GATHER_INFO

Copyright Security-Database 2006-2017 - Powered by themself ;) in 0.1527s

Facebook rss twitter linkedin mail