|
255781
|
4.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before 16.10.4 and 17.04 before 17.04.2 are vulnerable to recording plain text passwords in the event_log table during the user creatio…
|
CWE-200
Information Exposure
|
CVE-2017-1000157
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255782
|
6.5 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to a group's configuration page being editable by any group member even when they didn't have the admin ro…
|
CWE-269
Improper Privilege Management
|
CVE-2017-1000156
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255783
|
4.3 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to profile pictures being accessed without any access control checks consequently allowing any of a user's…
|
CWE-200
Information Exposure
|
CVE-2017-1000155
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255784
|
9.8 |
CRITICAL
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log…
|
CWE-287
Improper Authentication
|
CVE-2017-1000154
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255785
|
9.8 |
CRITICAL
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to incorrect access control after the password reset link is sent via email and then user changes default…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-1000153
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255786
|
9.8 |
CRITICAL
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation…
|
NVD-CWE-noinfo
|
CVE-2017-1000152
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255787
|
7.5 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.
|
CWE-200
Information Exposure
|
CVE-2017-1000151
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255788
|
8.8 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to prevent session IDs from being regenerated on login or logout. This makes users of the site more vulnerable to session fixation …
|
CWE-384
Session Fixation
|
CVE-2017-1000150
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255789
|
5.4 |
MEDIUM
Network
|
mahara
|
mahara
|
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open())
|
CWE-79
Cross-site Scripting
|
CVE-2017-1000149
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255790
|
8.8 |
HIGH
Network
|
mahara
|
mahara
|
Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to PHP code execution as Mahara would pass portions of the XML through the PHP "unserialize()" function wh…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2017-1000148
|
2024-11-21 12:04 |
2017-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
