This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

CPE Name : cpe:/a:mahara:mahara:1.2.6

Detail
Vendor : Mahara
Product : Mahara
Version : 1.2.6
Type : Application
First view : 2010-11-09
Last view : 2012-07-12
Edition :
Language :
Update :

CPE Product : cpe:/a:mahara:mahara

Activity : Overall

Related : CVE

Score  Date        Alert          Access Vector  Access Complexity  Authentication
5      2012-07-12  CVE-2012-2351  Network        Low                None Requ...
6      2011-11-14  CVE-2011-4118  Network        Medium             Requires ...
6.8    2011-11-14  CVE-2011-2773  Network        Medium             None Requ...
5      2011-11-14  CVE-2011-2772  Network        Low                None Requ...
4.3    2011-11-14  CVE-2011-2771  Network        Medium             None Requ...
4.3    2011-05-13  CVE-2011-1406  Network        Medium             None Requ...
3.5    2011-05-13  CVE-2011-1405  Network        Medium             Requires ...
4      2011-05-13  CVE-2011-1404  Network        Low                Requires ...
6.8    2011-05-13  CVE-2011-1403  Network        Medium             None Requ...
6.5    2011-05-13  CVE-2011-1402  Network        Low                Requires ...
5.8    2011-03-28  CVE-2011-0440  Network        Medium             None Requ...
4.3    2011-03-28  CVE-2011-0439  Network        Medium             None Requ...
4.3    2010-11-09  CVE-2010-3871  Network        Medium             None Requ...

CWE : Common Weakness Enumeration

%        id       Name
30% (4)  CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
23% (3)  CWE-352  Cross-Site Request Forgery (CSRF)
23% (3)  CWE-264  Permissions, Privileges, and Access Controls
15% (2)  CWE-16   Configuration
7% (1)   CWE-20   Improper Input Validation

Oval Markup Language : Definitions

OvalID                         Name
oval:org.mitre.oval:def:12560  DSA-2206-1 mahara -- several
oval:org.mitre.oval:def:13046  DSA-2246-1 mahara -- several vulnerabilities
oval:org.mitre.oval:def:15228  DSA-2334-1 mahara -- several
oval:org.mitre.oval:def:18492  DSA-2467-1 mahara - insecure defaults

Open Source Vulnerability Database (OSVDB)

id     Description
77207  Mahara MNet XMLRPC Jump Remote Privilege Escalation
76919  Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF
76918  Mahara Overly Large Image Handling Remote DoS
76917  Mahara External Feed Block Unspecified XSS
73458  Mahara wwwroot https URL Parsing Credential Disclosure
73457  Mahara HTML Email Message XSS
73456  Mahara Multiple Script AJAX Call Parsing Information Disclosure
73455  Mahara Admin User Addition CSRF
73454  Mahara Multiple Script Access Restriction Bypass
72155  Mahara Pieform Select Box XSS
72154  Mahara Blog Post Deletion CSRF
69111  Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS

OpenVAS Exploits

id          Description
2012-05-31  Name : Debian Security Advisory DSA 2467-1 (mahara)
            File : nvt/deb_2467_1.nasl
2012-02-11  Name : Debian Security Advisory DSA 2334-1 (mahara)
            File : nvt/deb_2334_1.nasl
2011-08-03  Name : Debian Security Advisory DSA 2246-1 (mahara)
            File : nvt/deb_2246_1.nasl
2011-05-23  Name : Mahara Multiple Remote Vulnerabilities
            File : nvt/gb_mahara_mult_vuln.nasl
2011-05-12  Name : Debian Security Advisory DSA 2206-1 (mahara)
            File : nvt/deb_2206_1.nasl
2011-04-01  Name : Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
            File : nvt/secpod_mahara_xss_n_csrf_vuln.nasl
2010-11-09  Name : Mahara 'groupviews.tpl' Cross Site Scripting Vulnerability
            File : nvt/gb_mahara_44705.nasl

Nessus® Vulnerability Scanner

id          Description
2012-05-10  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2467.nasl - Type : ACT_GATHER_INFO
2011-11-07  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2334.nasl - Type : ACT_GATHER_INFO
2011-06-10  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2246.nasl - Type : ACT_GATHER_INFO
2011-03-30  Name : The remote Debian host is missing a security-related update.
            File : debian_DSA-2206.nasl - Type : ACT_GATHER_INFO