Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mahara mahara 1.3.6 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2011-2774
The "Reply to message" feature in Mahara 1.3.x and 1.4.x prior to 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter.
Mahara Mahara 1.3.3
Mahara Mahara 1.3.1
Mahara Mahara 1.4
Mahara Mahara 1.3.0
Mahara Mahara 1.4.0
Mahara Mahara 1.3.7
Mahara Mahara 1.3.6
Mahara Mahara 1.3.5
Mahara Mahara 1.3.4
Mahara Mahara 1.3.2
NA
CVE-2011-4118
Mahara prior to 1.4.1, when MNet (aka the Moodle network feature) is used, allows remote authenticated users to gain privileges via a jump to an XMLRPC target.
Mahara Mahara 1.3.5
Mahara Mahara 1.1.1
Mahara Mahara 1.0.2
Mahara Mahara 1.0.4
Mahara Mahara 1.0.12
Mahara Mahara 1.0.10
Mahara Mahara 1.1.0
Mahara Mahara 1.4
Mahara Mahara 1.3.0
Mahara Mahara 1.1.9
Mahara Mahara 1.2.0
Mahara Mahara 1.1
Mahara Mahara 1.0.5
Mahara Mahara 1.0.8
Mahara Mahara 1.0.7
Mahara Mahara 1.2.6
Mahara Mahara 1.0.13
Mahara Mahara 1.1.6
Mahara Mahara 1.1.5
Mahara Mahara 1.0.9
Mahara Mahara 1.1.2
Mahara Mahara 1.3.7
NA
CVE-2011-2771
Multiple cross-site scripting (XSS) vulnerabilities in Mahara prior to 1.4.1 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.
Mahara Mahara 1.0.9
Mahara Mahara 1.1.2
Mahara Mahara 1.3.5
Mahara Mahara 1.0.6
Mahara Mahara 1.1.1
Mahara Mahara 0.9.2
Mahara Mahara 1.0.12
Mahara Mahara 1.3.0
Mahara Mahara 1.0.10
Mahara Mahara 1.0.13
Mahara Mahara 1.1.6
Mahara Mahara 1.2.0
Mahara Mahara 1.3.4
Mahara Mahara 1.0.5
Mahara Mahara 1.1.0
Mahara Mahara 1.0.4
Mahara Mahara 0.9.1
Mahara Mahara 1.2.6
Mahara Mahara 1.1.5
Mahara Mahara 1.1.9
Mahara Mahara 1.0.15
Mahara Mahara 1.1
NA
CVE-2011-2772
The get_dataroot_image_path function in lib/file.php in Mahara prior to 1.4.1 does not properly validate uploaded image files, which allows remote malicious users to cause a denial of service (memory consumption) via a (1) large or (2) invalid image.
Mahara Mahara 1.0.7
Mahara Mahara 1.1.0
Mahara Mahara 1.0.2
Mahara Mahara 1.0.0
Mahara Mahara 1.3.0
Mahara Mahara 1.2.0
Mahara Mahara 1.1.3
Mahara Mahara 1.2.4
Mahara Mahara 1.2.3
Mahara Mahara 1.1.2
Mahara Mahara 1.3.5
Mahara Mahara 1.0.6
Mahara Mahara 1.1.1
Mahara Mahara 0.9.2
Mahara Mahara 1.0.12
Mahara Mahara 1.0.10
Mahara Mahara 1.0.13
Mahara Mahara 1.1.6
Mahara Mahara 1.2.1
Mahara Mahara 0.9.0
Mahara Mahara 1.4
Mahara Mahara
NA
CVE-2011-2773
Cross-site request forgery (CSRF) vulnerability in Mahara prior to 1.4.1 allows remote malicious users to hijack the authentication of administrators for requests that add a user to an institution.
Mahara Mahara 1.4
Mahara Mahara 1.3.6
Mahara Mahara 1.1.0
Mahara Mahara 0.9.1
Mahara Mahara 0.9.2
Mahara Mahara 1.2.6
Mahara Mahara 1.3.0
Mahara Mahara 1.1.6
Mahara Mahara 1.0.11
Mahara Mahara 1.0.14
Mahara Mahara 1.1.7
Mahara Mahara 1.3.3
Mahara Mahara 1.2.0
Mahara Mahara 1.2.3
Mahara Mahara
Mahara Mahara 1.3.4
Mahara Mahara 1.0.9
Mahara Mahara 1.0.2
Mahara Mahara 1.0.0
Mahara Mahara 1.0.4
Mahara Mahara 1.0.3
Mahara Mahara 1.3.2
NA
CVE-2012-2351
The default configuration of the auth/saml plugin in Mahara prior to 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username.
Debian Debian Linux 6.0
Mahara Mahara 1.4
Mahara Mahara 1.3.3
Mahara Mahara 1.2.6
Mahara Mahara 1.2.0
Mahara Mahara 1.1.1
Mahara Mahara 1.1.0
Mahara Mahara 1.1.7
Mahara Mahara 1.1.8
Mahara Mahara 1.1
Mahara Mahara 1.0.9
Mahara Mahara 1.0.6
Mahara Mahara 1.0.14
Mahara Mahara 1.0.15
Mahara Mahara 0.9.1
Mahara Mahara 0.9.2
Mahara Mahara 1.3.0
Mahara Mahara 1.3.1
Mahara Mahara 1.2.2
Mahara Mahara 1.1.6
Mahara Mahara 1.0.0
Mahara Mahara 1.0.4
NA
CVE-2011-1403
Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara prior to 1.3.6 allows remote malicious users to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys.
Mahara Mahara 1.0.6
Mahara Mahara 1.1.1
Mahara Mahara 1.0.0
Mahara Mahara 1.0.4
Mahara Mahara 1.0.10
Mahara Mahara 1.3.1
Mahara Mahara 1.3.0
Mahara Mahara 1.1.0
Mahara Mahara 1.1.6
Mahara Mahara 1.1.5
Mahara Mahara 1.2.0
Mahara Mahara 1.0.14
Mahara Mahara 1.2.1
Mahara Mahara 0.9.0
Mahara Mahara 1.2.3
Mahara Mahara 1.2.5
Mahara Mahara 1.0.8
Mahara Mahara 1.0.7
Mahara Mahara 1.0.1
Mahara Mahara 0.9.2
Mahara Mahara 1.2.6
Mahara Mahara 1.1.4
NA
CVE-2011-1404
Mahara prior to 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchr...
Mahara Mahara 1.1.2
Mahara Mahara 1.0.6
Mahara Mahara 1.1.1
Mahara Mahara 1.0.2
Mahara Mahara 1.0.0
Mahara Mahara 1.3.0
Mahara Mahara 1.0.10
Mahara Mahara 1.1.0
Mahara Mahara 1.0.13
Mahara Mahara 1.1.6
Mahara Mahara 1.2.0
Mahara Mahara 1.2.1
Mahara Mahara 0.9.0
Mahara Mahara 1.2.4
Mahara Mahara 1.2.3
Mahara Mahara 1.0.8
Mahara Mahara 0.9.1
Mahara Mahara 1.0.1
Mahara Mahara 1.2.6
Mahara Mahara 1.1.9
Mahara Mahara 1.1.4
Mahara Mahara 1.1.7
NA
CVE-2011-1405
Cross-site scripting (XSS) vulnerability in Mahara prior to 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.
Mahara Mahara 1.1.2
Mahara Mahara 1.0.6
Mahara Mahara 1.1.0
Mahara Mahara 1.0.2
Mahara Mahara 1.0.12
Mahara Mahara 1.3.0
Mahara Mahara 1.0.13
Mahara Mahara 1.1.3
Mahara Mahara 1.2.0
Mahara Mahara 1.2.1
Mahara Mahara 1.2.4
Mahara Mahara 1.0.5
Mahara Mahara 1.0.8
Mahara Mahara 1.0.3
Mahara Mahara 0.9.1
Mahara Mahara 1.2.6
Mahara Mahara 1.0.11
Mahara Mahara 1.1.9
Mahara Mahara 1.1.7
Mahara Mahara 1.1
Mahara Mahara 1.2.2
Mahara Mahara 1.3.4
NA
CVE-2011-1406
Mahara prior to 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote malicious users to obtain credentials by sniffing the network at a time when an http URL is used for a login.
Mahara Mahara 1.0.9
Mahara Mahara 1.1.2
Mahara Mahara 1.0.7
Mahara Mahara 1.1.0
Mahara Mahara 0.9.2
Mahara Mahara 1.0.12
Mahara Mahara 1.3.0
Mahara Mahara 1.1.3
Mahara Mahara 1.2.0
Mahara Mahara 1.0.5
Mahara Mahara 1.0.4
Mahara Mahara 1.0.3
Mahara Mahara 1.3.2
Mahara Mahara 1.1.5
Mahara Mahara 1.0.11
Mahara Mahara 1.0.15
Mahara Mahara 1.1.7
Mahara Mahara 1.3.3
Mahara Mahara 1.2.2
Mahara Mahara 1.2.5
Mahara Mahara 1.3.4
Mahara Mahara 1.0.6
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »