Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mahara mahara 15.04.2 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-1000150
Mahara 15.04 prior to 15.04.7 and 15.10 prior to 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation attacks.
Mahara Mahara 15.04
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
9.8
CVSSv3
CVE-2017-1000152
Mahara 15.04 prior to 15.04.7 and 15.10 prior to 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces another user to be logged ...
Mahara Mahara 15.04
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
8.8
CVSSv3
CVE-2017-1000148
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function when importing a skin from an XML file.
Mahara Mahara 15.04
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
9.8
CVSSv3
CVE-2017-1000154
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.
Mahara Mahara 15.04
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
4.3
CVSSv3
CVE-2017-1000155
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's uploaded profile pictures to be viewable by anyone, whether or not th...
Mahara Mahara 15.04
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
6.5
CVSSv3
CVE-2017-1000131
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to users staying logged in to their Mahara account even when they have been logged out of Moodle (when using MNet) as Mahara did not properly implement one of the MNet SSO API funct...
Mahara Mahara 15.04
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
7.5
CVSSv3
CVE-2017-1000133
Mahara 15.04 prior to 15.04.8 and 15.10 prior to 15.10.4 and 16.04 prior to 16.04.2 are vulnerable to a user - in some circumstances causing another user's artefacts to be included in a Leap2a export of their own pages.
Mahara Mahara 15.04
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
7.5
CVSSv3
CVE-2017-1000151
Mahara 15.04 prior to 15.04.9 and 15.10 prior to 15.10.5 and 16.04 prior to 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
Mahara Mahara 15.04
Mahara Mahara 15.04.8
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 16.04.2
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
Mahara Mahara 15.10.4
6.5
CVSSv3
CVE-2017-1000156
Mahara 15.04 prior to 15.04.9 and 15.10 prior to 15.10.5 and 16.04 prior to 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin role.
Mahara Mahara 15.04
Mahara Mahara 15.04.8
Mahara Mahara 15.04.7
Mahara Mahara 15.04.6
Mahara Mahara 15.04.5
Mahara Mahara 15.04.4
Mahara Mahara 15.04.3
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
Mahara Mahara 16.04
Mahara Mahara 16.04.0
Mahara Mahara 16.04.1
Mahara Mahara 16.04.2
Mahara Mahara 15.10.0
Mahara Mahara 15.10.1
Mahara Mahara 15.10.2
Mahara Mahara 15.10.3
Mahara Mahara 15.10.4
6.8
CVSSv3
CVE-2017-1000147
Mahara 1.9 prior to 1.9.8 and 1.10 prior to 1.10.6 and 15.04 prior to 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an malicious user to trick a Mahara user into unknowi...
Mahara Mahara 1.9.1
Mahara Mahara 1.9.2
Mahara Mahara 1.9.3
Mahara Mahara 1.9.0
Mahara Mahara 1.9
Mahara Mahara 1.9.4
Mahara Mahara 1.9.5
Mahara Mahara 1.9.6
Mahara Mahara 1.9.7
Mahara Mahara 1.10.0
Mahara Mahara 1.10
Mahara Mahara 1.10.1
Mahara Mahara 1.10.2
Mahara Mahara 1.10.3
Mahara Mahara 1.10.4
Mahara Mahara 1.10.5
Mahara Mahara 15.04
Mahara Mahara 15.04.2
Mahara Mahara 15.04.1
Mahara Mahara 15.04.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »