
CVE-2011-2771
https://notcve.org/view.php?id=CVE-2011-2771
15 Nov 2011 — Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed. • http://secunia.com/advisories/46719 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
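
Added example for the two vectors above (it is not Mahara's External Feed code): a constructed RSS item whose guid carries HTML and whose link is a javascript: URI, rendered with output encoding on the guid text and a scheme allowlist on the href attribute. The feed content, helper names and the http/https policy are assumptions for illustration.

```php
<?php
// Added example, not Mahara's External Feed component. Renders one RSS item so
// that neither the guid text nor a URI attribute can inject script.

// Constructed hostile feed: the guid carries HTML, the link a javascript: URI.
$rss = <<<'XML'
<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example feed</title>
<item>
  <title>Post &amp; comment</title>
  <link>javascript:alert(document.cookie)</link>
  <guid isPermaLink="false">&lt;img src=x onerror=&quot;alert(1)&quot;&gt;</guid>
</item>
</channel></rss>
XML;

function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Allow only http(s) in href attributes; javascript:, data: and vbscript: are
// dropped. Relative links are dropped too, which is acceptable for an external
// feed where every link should be absolute.
function safe_href(string $url): string {
    $scheme = strtolower((string) parse_url(trim($url), PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : '';
}

function render_feed_item(SimpleXMLElement $item): string {
    $title = esc((string) $item->title);
    $guid  = esc((string) $item->guid);
    $href  = esc(safe_href((string) $item->link));
    // The vulnerable pattern (CWE-79) is the raw concatenation:
    //   '<a href="' . $item->link . '">' . $item->guid . '</a>'
    $anchor = $href === '' ? $title : '<a href="' . $href . '">' . $title . '</a>';
    return '<li>' . $anchor . ' <small>' . $guid . '</small></li>';
}

// On PHP 8 external entities are not loaded by default; on older releases call
// libxml_disable_entity_loader(true) before parsing untrusted XML.
$doc = new SimpleXMLElement($rss);
foreach ($doc->channel->item as $item) {
    echo render_feed_item($item), "\n";
}
```

The guid is treated as text and the link as an attribute value with its own scheme check; encoding alone would not stop the javascript: href, and the allowlist alone would not stop the HTML in the guid, so both controls are needed.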

CVE-2011-2772
https://notcve.org/view.php?id=CVE-2011-2772
15 Nov 2011 — The get_dataroot_image_path function in lib/file.php in Mahara before 1.4.1 does not properly validate uploaded image files, which allows remote attackers to cause a denial of service (memory consumption) via a (1) large or (2) invalid image. • http://secunia.com/advisories/46719 • CWE-20: Improper Input Validation
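
Added example of the check that this class of bug calls for (it is not Mahara's lib/file.php): read the image header first and reject oversized or unrecognised input before GD is allowed to allocate a bitmap. The size limits, the accepted types and the three constructed inputs are assumptions; the code assumes the GD extension is available.

```php
<?php
// Added example, not Mahara's lib/file.php. Inspect an uploaded image's header
// before GD decodes it: decoding allocates memory proportional to the declared
// pixel count, so a small file that claims enormous dimensions, or garbage
// that is not an image at all, must be rejected up front.
const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;       // assumed policy: 2 MiB on disk
const MAX_PIXELS       = 4000 * 4000;           // assumed policy: 16 Mpixel
const ALLOWED_MIME     = ['image/png', 'image/jpeg', 'image/gif'];

function validate_image_upload(string $bytes): array {
    if (strlen($bytes) > MAX_UPLOAD_BYTES) {
        return [false, 'file larger than ' . MAX_UPLOAD_BYTES . ' bytes'];
    }
    // getimagesizefromstring() reads only the header; it does not decode pixels.
    $info = @getimagesizefromstring($bytes);
    if ($info === false) {
        return [false, 'not a recognised image'];
    }
    [$width, $height] = $info;
    if (!in_array($info['mime'], ALLOWED_MIME, true)) {
        return [false, 'unsupported type ' . $info['mime']];
    }
    if ($width < 1 || $height < 1 || $width * $height > MAX_PIXELS) {
        return [false, "declared size {$width}x{$height} exceeds the pixel limit"];
    }
    return [true, "{$info['mime']} {$width}x{$height}"];
}

// Constructed inputs: a real 1x1 PNG, non-image bytes, and a 29-byte PNG header
// whose IHDR chunk declares 100000x100000 pixels (the decompression-bomb shape:
// tiny on disk, enormous once decoded).
$tiny = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$bomb = "\x89PNG\r\n\x1a\n" . "\x00\x00\x00\x0dIHDR" . pack('NN', 100000, 100000) . "\x08\x06\x00\x00\x00";

foreach (['tiny' => $tiny, 'garbage' => 'definitely not an image', 'bomb' => $bomb] as $name => $data) {
    [$ok, $why] = validate_image_upload($data);
    echo str_pad($name, 8), $ok ? 'accept ' : 'reject ', $why, "\n";
    if ($ok) {
        // Only now is it safe to let GD allocate the bitmap.
        $im = imagecreatefromstring($data);
        imagedestroy($im);
    }
}
```

The on-disk size check alone is not enough: the constructed header is 29 bytes yet declares ten gigapixels, which is why the pixel count from the header, not the byte count, is what bounds the decoder's allocation.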

CVE-2011-2773
https://notcve.org/view.php?id=CVE-2011-2773
15 Nov 2011 — Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 allows remote attackers to hijack the authentication of administrators for requests that add a user to an institution. • http://secunia.com/advisories/46719 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2011-2774
https://notcve.org/view.php?id=CVE-2011-2774
15 Nov 2011 — The "Reply to message" feature in Mahara 1.3.x and 1.4.x before 1.4.1 allows remote authenticated users to read the messages of a different user via a modified replyto parameter. • http://secunia.com/advisories/46719 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
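
Added example of the object-level authorization check a reply page needs (it is not Mahara's messaging code): the lookup of the message named by replyto is restricted, in the query itself, to messages the current user sent or received. The table, rows and user ids are constructed; the code assumes PDO with the sqlite driver so it runs stand-alone.

```php
<?php
// Added example, not Mahara's messaging code. The reply page must not trust a
// client-supplied message id: the query restricts the lookup to messages the
// current user sent or received, so a tampered replyto value yields
// "not found" rather than another user's text.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE message (id INTEGER PRIMARY KEY, sender INTEGER, recipient INTEGER, body TEXT)');
// Constructed rows: message 1 is between users 10 and 20, message 2 between 30 and 40.
$db->exec("INSERT INTO message VALUES (1, 10, 20, 'hello bob'), (2, 30, 40, 'private to dave')");

function load_message_for_reply(PDO $db, int $current_user, $replyto): ?array {
    // Reject anything that is not a plain integer id before it reaches SQL.
    if (!is_string($replyto) && !is_int($replyto)) return null;
    if (!ctype_digit((string) $replyto)) return null;
    // The ownership test lives in the WHERE clause, not in a later if().
    $st = $db->prepare(
        'SELECT id, sender, recipient, body FROM message
          WHERE id = :id AND (sender = :me OR recipient = :me_again)'
    );
    $st->execute([':id' => (int) $replyto, ':me' => $current_user, ':me_again' => $current_user]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function reply_form(PDO $db, int $current_user, array $get): string {
    $original = load_message_for_reply($db, $current_user, $get['replyto'] ?? null);
    if ($original === null) {
        // Same response for "no such message" and "not yours": no id oracle.
        return '404 message not found';
    }
    return 'Re: ' . htmlspecialchars($original['body'], ENT_QUOTES, 'UTF-8');
}

// User 20 replies in her own thread, then tampers replyto to point at message 2,
// then tries a non-numeric value.
echo reply_form($db, 20, ['replyto' => '1']), "\n";
echo reply_form($db, 20, ['replyto' => '2']), "\n";
echo reply_form($db, 20, ['replyto' => '1 OR 1=1']), "\n";
```

Putting the ownership condition in the query means there is no window in which the foreign row is loaded and then forgotten to be checked, which is the usual way a "read someone else's message" bug is introduced.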

CVE-2011-1402
https://notcve.org/view.php?id=CVE-2011-1402
13 May 2011 — Mahara before 1.3.6 allows remote authenticated users to bypass intended access restrictions, and suspend a user account, edit a view, visit a view, edit a plan artefact, read a plans block, read a plan artefact, edit a blog, read a blog block, read a blog artefact, or access a block, via a request associated with (1) admin/users/search.json.php, (2) view/newviewtoken.json.php, (3) lib/mahara.php, (4) artefact/plans/tasks.json.php, (5) artefact/plans/viewtasks.json.php, (6) artefact/blog/view/index.json.php... • http://secunia.com/advisories/44433 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2011-1403
https://notcve.org/view.php?id=CVE-2011-1403
13 May 2011 — Cross-site request forgery (CSRF) vulnerability in the pieforms implementation in Mahara before 1.3.6 allows remote attackers to hijack the authentication of arbitrary users for requests to any form, related to inappropriate regeneration of session keys. • http://secunia.com/advisories/44433 • CWE-352: Cross-Site Request Forgery (CSRF)
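
Added example serving both CSRF entries on this page, CVE-2011-2773 (the add-user-to-institution form) and CVE-2011-1403 (any pieforms form, tied to session-key regeneration). It is not Mahara's pieforms code: one token per login session, emitted in every state-changing form and verified with a constant-time compare before the handler does anything. The field name "sesskey", the session array and the institution action are assumed names for illustration.

```php
<?php
// Added example, not Mahara's pieforms code. One anti-CSRF token per login
// session, emitted in every state-changing form and verified before the
// request is honoured. "sesskey" and the institution action are assumed names.

function csrf_token(array &$session): string {
    // Create once per login and keep it stable for the session's lifetime.
    // Regenerating it on every request (or on unrelated GETs) breaks
    // legitimate multi-tab use and gains nothing if the new value is simply
    // echoed back; rotate it only when the session itself is re-established.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_field(array &$session): string {
    $token = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="sesskey" value="' . $token . '">';
}

function csrf_check(array $session, array $post): bool {
    $expected = $session['csrf_token'] ?? '';
    $given    = $post['sesskey'] ?? '';
    // Constant-time compare; a session with no token can never match.
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Every form handler gates on the check, not only the ones that look sensitive.
function add_user_to_institution(array $session, array $post): string {
    if (!csrf_check($session, $post)) {
        return '403 invalid or missing session key';
    }
    return "added user {$post['user']} to institution {$post['institution']}";
}

// Constructed requests: the admin's own form carries the key; a form auto-
// submitted from a hostile page in the admin's browser cannot know it.
$session = ['user' => 'admin'];
echo csrf_field($session), "\n";          // the hidden field rendered into the page
$genuine = ['user' => 'bob', 'institution' => 'mahara', 'sesskey' => $session['csrf_token']];
$forged  = ['user' => 'mallory', 'institution' => 'mahara'];
echo add_user_to_institution($session, $genuine), "\n";
echo add_user_to_institution($session, $forged), "\n";
```

At login, call session_regenerate_id(true) and drop the stored token so the authenticated session gets a fresh one; the token must never be accepted from a query string or a cookie, since either is exactly what a cross-site request can supply.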

CVE-2011-1404
https://notcve.org/view.php?id=CVE-2011-1404
13 May 2011 — Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with (1) blocktype/myfriends/myfriends.json.php, (2) json/usersearch.php, (3) group/membersearchresults.json.php, or (4) json/friendsearch.php, as demonstrated by information about friends and e-mail addresses. • http://secunia.com/advisories/44433 • CWE-264: Permissions, Privileges, and Access Controls
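
Added example covering both JSON-endpoint entries above, CVE-2011-1402 (endpoints reachable without the intended access check) and CVE-2011-1404 (responses carrying more of the record than the caller should see). It is not Mahara's *.json.php code: the handler checks access before doing any work, and builds each row from an explicit field allowlist. The user records, the viewer roles and the visibility rule for e-mail are constructed for illustration.

```php
<?php
// Added example, not Mahara's *.json.php endpoints. Two controls for an AJAX
// handler: an access check that runs before any work is done, and an explicit
// field allowlist on the response so the raw record never reaches the client.
$users = [  // constructed records; the hash is a placeholder value
    ['id' => 1, 'username' => 'alice', 'firstname' => 'Alice', 'lastname' => 'Adams',
     'email' => 'alice@example.org', 'hideemail' => 1, 'passwordhash' => 'secret-hash'],
    ['id' => 2, 'username' => 'bob',   'firstname' => 'Bob',   'lastname' => 'Brown',
     'email' => 'bob@example.org',   'hideemail' => 0, 'passwordhash' => 'secret-hash'],
];

function user_search_json(array $users, ?array $viewer, string $q): array {
    // 1. Access check first. A JSON endpoint is a page like any other: no
    //    session means no data, and the client gets a status it can act on.
    if ($viewer === null) {
        return ['status' => 403, 'body' => ['error' => 'login required']];
    }
    // 2. Build each row from an allowlist, never from the whole record.
    $public = ['id', 'username', 'firstname', 'lastname'];
    $rows = [];
    foreach ($users as $u) {
        $haystack = $u['username'] . ' ' . $u['firstname'] . ' ' . $u['lastname'];
        if ($q !== '' && stripos($haystack, $q) === false) {
            continue;
        }
        $row = array_intersect_key($u, array_flip($public));
        // E-mail only where the owner has not hidden it, or for site admins.
        if (!$u['hideemail'] || !empty($viewer['admin'])) {
            $row['email'] = $u['email'];
        }
        $rows[] = $row;   // passwordhash and hideemail are never emitted
    }
    return ['status' => 200, 'body' => ['count' => count($rows), 'data' => $rows]];
}

// Constructed callers: anonymous, an ordinary member, and a site admin.
foreach ([null, ['id' => 2, 'admin' => false], ['id' => 9, 'admin' => true]] as $viewer) {
    $r = user_search_json($users, $viewer, 'a');
    echo $r['status'], ' ', json_encode($r['body'], JSON_THROW_ON_ERROR), "\n";
}
```

In a real handler the returned status becomes http_response_code() and the body is sent with a Content-Type of application/json; the important property is that the same allowlist applies whether the data is rendered into HTML or returned as JSON, since the AJAX path is the one that tends to be forgotten.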

CVE-2011-1405
https://notcve.org/view.php?id=CVE-2011-1405
13 May 2011 — Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php. • http://secunia.com/advisories/44433 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2011-1406
https://notcve.org/view.php?id=CVE-2011-1406
13 May 2011 — Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login. • http://www.debian.org/security/2011/dsa-2246 • CWE-16: Configuration
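
Added example of the enforcement the configuration above needs (it is not Mahara's handling of wwwroot): when the configured site root is https, a login request that arrives over plain http is redirected to the https origin taken from configuration, not from the client's Host header, before any form is rendered. The hostnames, paths and the proxy flag are assumptions for illustration.

```php
<?php
// Added example, not Mahara's handling of the wwwroot setting. If the site root
// is configured as https, a login request arriving over http is redirected to
// the https origin before any form is rendered, so the password is never posted
// in cleartext. Hostnames and paths below are constructed.

function https_redirect_target(string $wwwroot, string $request_scheme, string $request_uri): ?string {
    $cfg = parse_url(rtrim($wwwroot, '/'));
    if (($cfg['scheme'] ?? '') !== 'https' || empty($cfg['host'])) {
        return null;            // site not configured for TLS: nothing to enforce
    }
    if ($request_scheme === 'https') {
        return null;            // already on the secure origin
    }
    // Canonical origin comes from configuration, never from the Host header the
    // client sent; only the path and query of the current request are kept.
    $path  = parse_url($request_uri, PHP_URL_PATH) ?? '/';
    $query = parse_url($request_uri, PHP_URL_QUERY);
    return 'https://' . $cfg['host'] . $path . ($query !== null ? '?' . $query : '');
}

function request_scheme(array $server, bool $behind_trusted_tls_proxy = false): string {
    if (!empty($server['HTTPS']) && $server['HTTPS'] !== 'off') {
        return 'https';
    }
    // Honour X-Forwarded-Proto only when a trusted proxy terminates TLS;
    // otherwise any client could simply claim to be secure.
    if ($behind_trusted_tls_proxy && ($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https') {
        return 'https';
    }
    return 'http';
}

function enforce_https_for_login(string $wwwroot, array $server): void {
    $target = https_redirect_target($wwwroot, request_scheme($server), $server['REQUEST_URI'] ?? '/');
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
}

// Constructed requests against a site whose wwwroot is https, then against one
// that is not.
$wwwroot = 'https://mahara.example.org';
echo var_export(https_redirect_target($wwwroot, 'http',  '/login.php?return=/view'), true), "\n";
echo var_export(https_redirect_target($wwwroot, 'https', '/login.php?return=/view'), true), "\n";
echo var_export(https_redirect_target('http://mahara.example.org', 'http', '/login.php'), true), "\n";
```

The redirect closes the window the advisory describes, a user lured to the http form; the session cookie should additionally be issued with the secure flag and the https responses should carry Strict-Transport-Security so that later visits never start over http at all.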

CVE-2011-0439
https://notcve.org/view.php?id=CVE-2011-0439
28 Mar 2011 — Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 and 1.3.x before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the Pieforms select box. • http://mahara.org/interaction/forum/topic.php?id=3205 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')