This CPE summary could be partial or incomplete. Please contact us for a detailed listing.


CPE Name: cpe:/a:mahara:mahara:1.3.0
Vendor: Mahara
Product: Mahara
CPE Product: cpe:/a:mahara:mahara
First view: 2010-11-09
Last view: 2018-01-30

Related : CVE

| | Date | Alert | Access Vector | Access Complexity | Authentication |
|---|---|---|---|---|---|
| 6.4 | 2018-01-30 | CVE-2017-1000141 | Network | Low | None Requ... |
| 4 | 2014-05-19 | CVE-2013-4432 | Network | Low | Requires ... |
| 5.5 | 2014-05-19 | CVE-2013-4431 | Network | Low | Requires ... |
| 4.3 | 2014-05-19 | CVE-2013-4430 | Network | Medium | None Requ... |
| 4 | 2014-05-19 | CVE-2013-4429 | Network | Low | Requires ... |
| 5 | 2012-07-12 | CVE-2012-2351 | Network | Low | None Requ... |
| 6 | 2011-11-14 | CVE-2011-4118 | Network | Medium | Requires ... |
| 4 | 2011-11-14 | CVE-2011-2774 | Network | Low | Requires ... |
| 6.8 | 2011-11-14 | CVE-2011-2773 | Network | Medium | None Requ... |
| 5 | 2011-11-14 | CVE-2011-2772 | Network | Low | None Requ... |
| 4.3 | 2011-11-14 | CVE-2011-2771 | Network | Medium | None Requ... |
| 4.3 | 2011-05-13 | CVE-2011-1406 | Network | Medium | None Requ... |
| 3.5 | 2011-05-13 | CVE-2011-1405 | Network | Medium | Requires ... |
| 4 | 2011-05-13 | CVE-2011-1404 | Network | Low | Requires ... |
| 6.8 | 2011-05-13 | CVE-2011-1403 | Network | Medium | None Requ... |
| 6.5 | 2011-05-13 | CVE-2011-1402 | Network | Low | Requires ... |
| 5.8 | 2011-03-28 | CVE-2011-0440 | Network | Medium | None Requ... |
| 4.3 | 2011-03-28 | CVE-2011-0439 | Network | Medium | None Requ... |
| 4.3 | 2010-11-09 | CVE-2010-3871 | Network | Medium | None Requ... |

CWE : Common Weakness Enumeration

28% (6) | CWE-264 | Permissions, Privileges, and Access Controls
23% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting')
14% (3) | CWE-352 | Cross-Site Request Forgery (CSRF)
9% (2) | CWE-16 | Configuration
4% (1) | CWE-640 | Weak Password Recovery Mechanism for Forgotten Password
4% (1) | CWE-287 | Improper Authentication
4% (1) | CWE-284 | Access Control (Authorization) Issues
4% (1) | CWE-200 | Information Exposure
4% (1) | CWE-20 | Improper Input Validation

Oval Markup Language : Definitions

oval:org.mitre.oval:def:12560 | DSA-2206-1 mahara -- several
oval:org.mitre.oval:def:13046 | DSA-2246-1 mahara -- several vulnerabilities
oval:org.mitre.oval:def:15228 | DSA-2334-1 mahara -- several
oval:org.mitre.oval:def:18492 | DSA-2467-1 mahara - insecure defaults

Open Source Vulnerability Database (OSVDB)

77207 | Mahara MNet XMLRPC Jump Remote Privilege Escalation
76920 | Mahara Reply to Message Functionality replyto Parameter Remote Private Messag...
76919 | Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF
76918 | Mahara Overly Large Image Handling Remote DoS
76917 | Mahara External Feed Block Unspecified XSS
73458 | Mahara wwwroot https URL Parsing Credential Disclosure
73457 | Mahara HTML Email Message XSS
73456 | Mahara Multiple Script AJAX Call Parsing Information Disclosure
73455 | Mahara Admin User Addition CSRF
73454 | Mahara Multiple Script Access Restriction Bypass
72155 | Mahara Pieform Select Box XSS
72154 | Mahara Blog Post Deletion CSRF
69111 | Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS

OpenVAS Exploits

2012-05-31 Name : Debian Security Advisory DSA 2467-1 (mahara)
File : nvt/deb_2467_1.nasl
2012-02-11 Name : Debian Security Advisory DSA 2334-1 (mahara)
File : nvt/deb_2334_1.nasl
2011-08-03 Name : Debian Security Advisory DSA 2246-1 (mahara)
File : nvt/deb_2246_1.nasl
2011-05-23 Name : Mahara Multiple Remote Vulnerabilities
File : nvt/gb_mahara_mult_vuln.nasl
2011-05-12 Name : Debian Security Advisory DSA 2206-1 (mahara)
File : nvt/deb_2206_1.nasl
2011-04-01 Name : Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities
File : nvt/secpod_mahara_xss_n_csrf_vuln.nasl
2010-11-09 Name : Mahara 'groupviews.tpl' Cross Site Scripting Vulnerability
File : nvt/gb_mahara_44705.nasl

Nessus® Vulnerability Scanner

2012-05-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2467.nasl - Type : ACT_GATHER_INFO
2011-11-07 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2334.nasl - Type : ACT_GATHER_INFO
2011-06-10 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2246.nasl - Type : ACT_GATHER_INFO
2011-03-30 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2206.nasl - Type : ACT_GATHER_INFO