Lucene search
+L

49 matches found

openvas
openvas
added 2020/03/11 12:0 a.m.22 views

Mahara 18.10 < 18.10.5, 19.04 < 19.04.4, 19.10 < 19.10.2 Multiple Vulnerabilities

Mahara is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mahara:mahara"; if description...

6.5CVSS5.1AI score0.01001EPSS
Exploits0References2
nvd
nvd
added 2020/03/09 2:15 p.m.12 views

CVE-2020-9282

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios...

6.5CVSS6.4AI score0.00919EPSS
Exploits0References2
osv
osv
added 2020/03/09 2:15 p.m.13 views

CVE-2020-9282

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios...

6.5CVSS6.7AI score
Exploits0References2
prion
prion
added 2020/03/09 2:15 p.m.16 views

Code injection

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios...

4CVSS6.4AI score0.00919EPSS
Exploits0References2Affected Software1
ubuntucve
ubuntucve
added 2020/03/09 2:15 p.m.20 views

CVE-2020-9282

In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios...

6.5CVSS6.6AI score0.00919EPSS
Exploits0References3
osv
osv
added 2018/07/03 9:29 p.m.5 views

CVE-2017-0912

Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling...

5.4CVSS5.9AI score0.00543EPSS
Exploits0References1
osv
osv
added 2018/07/03 9:29 p.m.5 views

CVE-2017-0913

Ubiquiti UCRM versions 2.3.0 to 2.7.7 allow an authenticated user to read arbitrary files in the local file system. Note that by default, the local file system is isolated in a docker container. Successful exploitation requires valid credentials to an account with "Edit" access to "System...

4.7CVSS5.9AI score0.00296EPSS
Exploits0References2
hackerone
hackerone
added 2016/04/13 9:15 p.m.19 views

Uber: Requested and received edit access to Google form

Per the policies laid out in www.hackerone.com/uber social engineering attempts are explicitly out of scope: Social engineering attempts this includes phishing attacks against Uber employees Failure to follow these policies will result in forfeiture of any bounty and a potential ban from the...

1.8AI score
Exploits0
atlassian
atlassian
added 2012/09/27 4:29 p.m.23 views

Accidental XSRF and DoS consumption-of-space issue

We experienced an unusual growth of our nonspaced attachments that appears to be a DoS vunerability both in an accidental way with a workaround and intentional not easily worked around. This is under Confluence 4.0, but appears to probably apply to 4.3.1 as well. It appears the growing nonspaced...

0.7AI score
Exploits0Affected Software1
Rows per page
Query Builder