10 matches found
EUVD-2017-1429
Malware in sbrugna...
EUVD-2017-1422
Malware in sbrugna...
EUVD-2017-1434
Malware in sbrugna...
Catalyst Mahara Arbitrary File Download Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2. An attacker could...
Catalyst Mahara Cross-Site Scripting Vulnerability (CNVD-2017-36188)
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A cross-site scripting vulnerability exists in Catalyst Mahara versions 1.10 before 1.10.0 and 15.04 before 15.04.0. A remote attacker could exploit t...
Catalyst Mahara PHP Code Execution Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara versions 15.04 before 15.04.8, 15.10 before 15.10.4, and 16.04 before 16.04.2. An attacker could...
Catalyst Mahara Session Fixation Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A security vulnerability exists in Catalyst Mahara version 15.04 prior to 15.04.7 and version 15.10 prior to 15.10.3, which stems from a session ID no...
Arbitrary file deletion
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when user tries to download the file...
CVE-2017-1000136
Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 and 15.04 before 15.04.0 are vulnerable to old sessions not being invalidated after a password change...
Code injection
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts...