Vendor Dictionary: Mahara

Mahara

Short Name:	mahara
Previous Names:	[None Entered]
URL:	http://mahara.org [visit link]
Email:	infomahara.org
Security URL:	http://mahara.org/interaction/forum/view.php?id=43 [visit link]
Security Email:	securitymahara.org
Knowledge Base:	https://wiki.mahara.org [visit link]
Notes:	[No Notes]

Vulnerabilities by Vendor Product

Mahara

Mahara

Mahara: 1.3.2; OSVDB ID: 69111 Mahara blocktype/groupviews/theme/raw/groupviews.tpl Unspecified Parameter XSS; 1.3; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.3.3; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.2.0; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.2.1; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.2.2; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.2.3; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.2.4; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.2.5; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.2.6; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.3.1; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.3.2; OSVDB ID: 72154 Mahara Blog Post Deletion CSRF; 1.3; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.3.3; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.2.0; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.2.1; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.2.2; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.2.3; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.2.4; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.2.5; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.2.6; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.3.1; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.3.2; OSVDB ID: 72155 Mahara Pieform Select Box XSS; 1.3.5; OSVDB ID: 73456 Mahara Multiple Script AJAX Call Parsing Information Disclosure; OSVDB ID: 73457 Mahara HTML Email Message XSS; OSVDB ID: 73454 Mahara Multiple Script Access Restriction Bypass; OSVDB ID: 73458 Mahara wwwroot https URL Parsing Credential Disclosure; OSVDB ID: 86223 Mahara XML File Upload XSS; OSVDB ID: 73455 Mahara Admin User Creation CSRF; 1.3.5; 1.3.5; 1.3.5; 1.3.5; 1.4.0; OSVDB ID: 76917 Mahara External Feed Block Unspecified XSS; OSVDB ID: 76918 Mahara Overly Large Image Handling Remote DoS; OSVDB ID: 76919 Mahara admin/users/addtoinstitution.php User Institution Manipulation CSRF; OSVDB ID: 86224 Mahara clamav Path Manipulation Arbitrary File Execution; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.4.0; 1.4.0; 1.4.0; OSVDB ID: 76920 Mahara Reply to Message Functionality replyto Parameter Remote Private Message Disclosure; 1.4.1; OSVDB ID: 84015 Mahara auth/saml Plugin SAML IdP Server Internal Username Spoofing Weakness; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.5.1; OSVDB ID: 84428 Mahara Edit Blog Insert/Edit Image XSS; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.4.2; OSVDB ID: 84428 Mahara Edit Blog Insert/Edit Image XSS; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.4.2; OSVDB ID: 84429 Mahara htdocs/auth/lib.php URI XSS; 1.5.1; OSVDB ID: 84429 Mahara htdocs/auth/lib.php URI XSS; 1.5.2; OSVDB ID: 86220 Mahara account/delete.php Clickjacking Weakness; OSVDB ID: 86221 Mahara Arbitrary SVG File Upload Arbitrary Code Execution; OSVDB ID: 86223 Mahara XML File Upload XSS; OSVDB ID: 86222 Mahara CSV Upload Header Error Display XSS; 1.4.3; OSVDB ID: 86220 Mahara account/delete.php Clickjacking Weakness; OSVDB ID: 86221 Mahara Arbitrary SVG File Upload Arbitrary Code Execution; OSVDB ID: 86223 Mahara XML File Upload XSS; OSVDB ID: 86222 Mahara CSV Upload Header Error Display XSS; 1.5.2; 1.4.3; 1.5.2; 1.4.3; 1.5.2; 1.4.3; 1.5.1; 1.5.0; OSVDB ID: 86224 Mahara clamav Path Manipulation Arbitrary File Execution; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.4.2; 1.3.8; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.4.1; 1.3.7; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.4.0; 1.3.6; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.2.9; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.3.5; 1.2.8; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.3.4; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.2.7; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.3.3; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.2.5; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.2.4; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.2.3; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.2.2; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.2.1; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.2.0; OSVDB ID: 86224 Mahara clamav Path Manipulation Arbitrary File Execution; OSVDB ID: 86223 Mahara XML File Upload XSS; 1.4.0; 1.5.0; 1.6.0; OSVDB ID: 86224 Mahara clamav Path Manipulation Arbitrary File Execution; 1.2.0; 1.4.3; OSVDB ID: 87915 Mahara PHP XML Parser XXE Injection Arbitrary File Access; 1.5.2; OSVDB ID: 87915 Mahara PHP XML Parser XXE Injection Arbitrary File Access; 1.5.6; OSVDB ID: 87924 Mahara group/members.php query Parameter XSS; 1.6.1; OSVDB ID: 87924 Mahara group/members.php query Parameter XSS; 1.5.7; OSVDB ID: 73803 Flowplayer flowplayer-3.2.7.swf linkUrl Parameter XSS; 1.6.2; OSVDB ID: 73803 Flowplayer flowplayer-3.2.7.swf linkUrl Parameter XSS; 1.4.3; OSVDB ID: 92062 Mahara XML External Entity (XXE) Data Parsing Arbitrary File Disclosure; 1.5.2; OSVDB ID: 92062 Mahara XML External Entity (XXE) Data Parsing Arbitrary File Disclosure; 1.4.4; OSVDB ID: 92063 Mahara Configuration Manipulation CSRF; 1.5.3; OSVDB ID: 92063 Mahara Configuration Manipulation CSRF

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.