This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name: cpe:/a:mahara:mahara:1.1.8

Detail
Vendor: Mahara
Product: Mahara
Version: 1.1.8
Type: Application
First view: 2010-07-06
Last view: 2012-07-12
Edition:
Language:
Update:
 
CPE Product cpe:/a:mahara:mahara

Activity : Overall

Related : CVE

     Date        Alert          Access Vector  Access Complexity  Authentication
5    2012-07-12  CVE-2012-2351  Network        Low                None Requ...
6    2011-11-14  CVE-2011-4118  Network        Medium             Requires ...
6.8  2011-11-14  CVE-2011-2773  Network        Medium             None Requ...
5    2011-11-14  CVE-2011-2772  Network        Low                None Requ...
4.3  2011-11-14  CVE-2011-2771  Network        Medium             None Requ...
4.3  2011-05-13  CVE-2011-1406  Network        Medium             None Requ...
3.5  2011-05-13  CVE-2011-1405  Network        Medium             Requires ...
4    2011-05-13  CVE-2011-1404  Network        Low                Requires ...
6.8  2011-05-13  CVE-2011-1403  Network        Medium             None Requ...
6.5  2011-05-13  CVE-2011-1402  Network        Low                Requires ...
4.3  2010-11-09  CVE-2010-3871  Network        Medium             None Requ...
4.3  2010-07-06  CVE-2010-2479  Network        Medium             None Requ...
7.5  2010-07-06  CVE-2010-1670  Network        Low                None Requ...
7.5  2010-07-06  CVE-2010-1669  Network        Low                None Requ...
6.8  2010-07-06  CVE-2010-1668  Network        Medium             None Requ...
4.3  2010-07-06  CVE-2010-1667  Network        Medium             None Requ...

CWE : Common Weakness Enumeration

%        id       Name
31% (5)  CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
18% (3)  CWE-352  Cross-Site Request Forgery (CSRF)
18% (3)  CWE-264  Permissions, Privileges, and Access Controls
12% (2)  CWE-16   Configuration
6% (1)   CWE-287  Improper Authentication
6% (1)   CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('...
6% (1)   CWE-20   Improper Input Validation

Oval Markup Language : Definitions

OvalID                         Name
oval:org.mitre.oval:def:13104  DSA-2067-1 mahara -- several
oval:org.mitre.oval:def:11886  DSA-2067 mahara -- several vulnerabilities
oval:org.mitre.oval:def:13046  DSA-2246-1 mahara -- several vulnerabilities
oval:org.mitre.oval:def:15228  DSA-2334-1 mahara -- several
oval:org.mitre.oval:def:18492  DSA-2467-1 mahara - insecure defaults

Open Source Vulnerability Database (OSVDB)

id     Description
77207  Mahara MNet XMLRPC Jump Remote Privilege Escalation
76919  Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF
76918  Mahara Overly Large Image Handling Remote DoS
76917  Mahara External Feed Block Unspecified XSS
73458  Mahara wwwroot https URL Parsing Credential Disclosure
73457  Mahara HTML Email Message XSS
73456  Mahara Multiple Script AJAX Call Parsing Information Disclosure
73455  Mahara Admin User Addition CSRF
73454  Mahara Multiple Script Access Restriction Bypass
69111  Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS
66062  Mahara Single Sign-on Authentication Plugin Null Password Authentication Bypass
66061  Mahara Unspecified SQL Injection
66060  Mahara Multiple Unspecified CSRF
66059  Mahara Multiple Unspecified XSS
64113  HTML Purifier Unspecified XSS

OpenVAS Exploits

id          Description
2012-05-31  Name : Debian Security Advisory DSA 2467-1 (mahara)
            File : nvt/deb_2467_1.nasl
2012-02-11  Name : Debian Security Advisory DSA 2334-1 (mahara)
            File : nvt/deb_2334_1.nasl
2011-08-03  Name : Debian Security Advisory DSA 2246-1 (mahara)
            File : nvt/deb_2246_1.nasl
2011-05-23  Name : Mahara Multiple Remote Vulnerabilities
            File : nvt/gb_mahara_mult_vuln.nasl
2010-12-02  Name : Fedora Update for moodle FEDORA-2010-13396
            File : nvt/gb_fedora_2010_13396_moodle_fc14.nasl
2010-11-09  Name : Mahara 'groupviews.tpl' Cross Site Scripting Vulnerability
            File : nvt/gb_mahara_44705.nasl
2010-08-24  Name : Fedora Update for moodle FEDORA-2010-13250
            File : nvt/gb_fedora_2010_13250_moodle_fc13.nasl
2010-08-24  Name : Fedora Update for moodle FEDORA-2010-13254
            File : nvt/gb_fedora_2010_13254_moodle_fc12.nasl
2010-07-05  Name : Mahara Multiple Remote Vulnerabilities
            File : nvt/gb_mahara_41319.nasl

Nessus® Vulnerability Scanner

id          Description
2012-05-10  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2467.nasl - Type : ACT_GATHER_INFO
2011-11-07  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2334.nasl - Type : ACT_GATHER_INFO
2011-06-10  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2246.nasl - Type : ACT_GATHER_INFO
2010-08-24  Name : The remote Fedora host is missing a security update.
            File : fedora_2010-13396.nasl - Type : ACT_GATHER_INFO
2010-08-23  Name : The remote Fedora host is missing a security update.
            File : fedora_2010-13250.nasl - Type : ACT_GATHER_INFO
2010-08-23  Name : The remote Fedora host is missing a security update.
            File : fedora_2010-13254.nasl - Type : ACT_GATHER_INFO
2010-07-05  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2067.nasl - Type : ACT_GATHER_INFO