Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mahara mahara 1.2.1 vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-1000171
Mahara Mobile prior to 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.
Mahara Mahara Mobile
NA
CVE-2013-7108
Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and previous versions, and Icinga prior to 1.8.5, 1.9 prior to 1.9.4, and 1.10 prior to 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a l...
Nagios Nagios 3.0
Nagios Nagios 3.0.3
Nagios Nagios 3.0.4
Nagios Nagios 3.2.1
Nagios Nagios 3.2.2
Nagios Nagios 3.2.3
Nagios Nagios
Nagios Nagios 3.0.1
Nagios Nagios 3.0.2
Nagios Nagios 3.1.2
Nagios Nagios 3.2.0
Nagios Nagios 3.4.3
Nagios Nagios 3.5.1
Nagios Nagios 3.1.0
Nagios Nagios 3.1.1
Nagios Nagios 3.4.1
Nagios Nagios 3.4.2
Nagios Nagios 3.0.5
Nagios Nagios 3.0.6
Nagios Nagios 3.3.1
Nagios Nagios 3.4.0
Icinga Icinga 1.9.0
1 EDB exploit
NA
CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara prior to 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.
Debian Debian Linux 6.0
Mahara Mahara 1.4
Mahara Mahara 1.3.3
Mahara Mahara 1.2.6
Mahara Mahara 1.2.0
Mahara Mahara 1.1.1
Mahara Mahara 1.1.0
Mahara Mahara 1.1.7
Mahara Mahara 1.1.8
Mahara Mahara 1.1
Mahara Mahara 1.0.9
Mahara Mahara 1.0.6
Mahara Mahara 1.0.14
Mahara Mahara 1.0.15
Mahara Mahara 0.9.1
Mahara Mahara 0.9.2
Mahara Mahara 1.3.0
Mahara Mahara 1.3.1
Mahara Mahara 1.2.2
Mahara Mahara 1.1.6
Mahara Mahara 1.0.0
Mahara Mahara 1.0.4
NA
CVE-2011-2772
The get_dataroot_image_path function in lib/file.php in Mahara prior to 1.4.1 does not properly validate uploaded image files, which allows remote malicious users to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.
Mahara Mahara 1.0.7
Mahara Mahara 1.1.0
Mahara Mahara 1.0.2
Mahara Mahara 1.0.0
Mahara Mahara 1.3.0
Mahara Mahara 1.2.0
Mahara Mahara 1.1.3
Mahara Mahara 1.2.4
Mahara Mahara 1.2.3
Mahara Mahara 1.1.2
Mahara Mahara 1.3.5
Mahara Mahara 1.0.6
Mahara Mahara 1.1.1
Mahara Mahara 0.9.2
Mahara Mahara 1.0.12
Mahara Mahara 1.0.10
Mahara Mahara 1.0.13
Mahara Mahara 1.1.6
Mahara Mahara 1.2.1
Mahara Mahara 0.9.0
Mahara Mahara 1.4
Mahara Mahara
NA
CVE-2011-2771
Multiple cross-site scripting (XSS) vulnerabilities in Mahara prior to 1.4.1 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.
Mahara Mahara 1.0.9
Mahara Mahara 1.1.2
Mahara Mahara 1.3.5
Mahara Mahara 1.0.6
Mahara Mahara 1.1.1
Mahara Mahara 0.9.2
Mahara Mahara 1.0.12
Mahara Mahara 1.3.0
Mahara Mahara 1.0.10
Mahara Mahara 1.0.13
Mahara Mahara 1.1.6
Mahara Mahara 1.2.0
Mahara Mahara 1.3.4
Mahara Mahara 1.0.5
Mahara Mahara 1.1.0
Mahara Mahara 1.0.4
Mahara Mahara 0.9.1
Mahara Mahara 1.2.6
Mahara Mahara 1.1.5
Mahara Mahara 1.1.9
Mahara Mahara 1.0.15
Mahara Mahara 1.1
NA
CVE-2011-2773
Cross-site request forgery (CSRF) vulnerability in Mahara prior to 1.4.1 allows remote malicious users to hijack the authentication of administrators for requests that add a user to an institution.
Mahara Mahara 1.4
Mahara Mahara 1.3.6
Mahara Mahara 1.1.0
Mahara Mahara 0.9.1
Mahara Mahara 0.9.2
Mahara Mahara 1.2.6
Mahara Mahara 1.3.0
Mahara Mahara 1.1.6
Mahara Mahara 1.0.11
Mahara Mahara 1.0.14
Mahara Mahara 1.1.7
Mahara Mahara 1.3.3
Mahara Mahara 1.2.0
Mahara Mahara 1.2.3
Mahara Mahara
Mahara Mahara 1.3.4
Mahara Mahara 1.0.9
Mahara Mahara 1.0.2
Mahara Mahara 1.0.0
Mahara Mahara 1.0.4
Mahara Mahara 1.0.3
Mahara Mahara 1.3.2
NA
CVE-2011-4118
Mahara prior to 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.
Mahara Mahara 1.3.5
Mahara Mahara 1.1.1
Mahara Mahara 1.0.2
Mahara Mahara 1.0.4
Mahara Mahara 1.0.12
Mahara Mahara 1.0.10
Mahara Mahara 1.1.0
Mahara Mahara 1.4
Mahara Mahara 1.3.0
Mahara Mahara 1.1.9
Mahara Mahara 1.2.0
Mahara Mahara 1.1
Mahara Mahara 1.0.5
Mahara Mahara 1.0.8
Mahara Mahara 1.0.7
Mahara Mahara 1.2.6
Mahara Mahara 1.0.13
Mahara Mahara 1.1.6
Mahara Mahara 1.1.5
Mahara Mahara 1.0.9
Mahara Mahara 1.1.2
Mahara Mahara 1.3.7
NA
CVE-2011-1404
Mahara prior to 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchr...
Mahara Mahara 1.1.2
Mahara Mahara 1.0.6
Mahara Mahara 1.1.1
Mahara Mahara 1.0.2
Mahara Mahara 1.0.0
Mahara Mahara 1.3.0
Mahara Mahara 1.0.10
Mahara Mahara 1.1.0
Mahara Mahara 1.0.13
Mahara Mahara 1.1.6
Mahara Mahara 1.2.0
Mahara Mahara 1.2.1
Mahara Mahara 0.9.0
Mahara Mahara 1.2.4
Mahara Mahara 1.2.3
Mahara Mahara 1.0.8
Mahara Mahara 0.9.1
Mahara Mahara 1.0.1
Mahara Mahara 1.2.6
Mahara Mahara 1.1.9
Mahara Mahara 1.1.4
Mahara Mahara 1.1.7
NA
CVE-2011-1405
Cross-site scripting (XSS) vulnerability in Mahara prior to 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.
Mahara Mahara 1.1.2
Mahara Mahara 1.0.6
Mahara Mahara 1.1.0
Mahara Mahara 1.0.2
Mahara Mahara 1.0.12
Mahara Mahara 1.3.0
Mahara Mahara 1.0.13
Mahara Mahara 1.1.3
Mahara Mahara 1.2.0
Mahara Mahara 1.2.1
Mahara Mahara 1.2.4
Mahara Mahara 1.0.5
Mahara Mahara 1.0.8
Mahara Mahara 1.0.3
Mahara Mahara 0.9.1
Mahara Mahara 1.2.6
Mahara Mahara 1.0.11
Mahara Mahara 1.1.9
Mahara Mahara 1.1.7
Mahara Mahara 1.1
Mahara Mahara 1.2.2
Mahara Mahara 1.3.4
NA
CVE-2011-1406
Mahara prior to 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote malicious users to obtain credentials by sniffing the network at a time when an http URL is used for a login.
Mahara Mahara 1.0.9
Mahara Mahara 1.1.2
Mahara Mahara 1.0.7
Mahara Mahara 1.1.0
Mahara Mahara 0.9.2
Mahara Mahara 1.0.12
Mahara Mahara 1.3.0
Mahara Mahara 1.1.3
Mahara Mahara 1.2.0
Mahara Mahara 1.0.5
Mahara Mahara 1.0.4
Mahara Mahara 1.0.3
Mahara Mahara 1.3.2
Mahara Mahara 1.1.5
Mahara Mahara 1.0.11
Mahara Mahara 1.0.15
Mahara Mahara 1.1.7
Mahara Mahara 1.3.3
Mahara Mahara 1.2.2
Mahara Mahara 1.2.5
Mahara Mahara 1.3.4
Mahara Mahara 1.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »