2 matches found
CVE-2011-1406
Mahara before 1.3.6 does not properly handle an https URL in the wwwroot configuration setting, which makes it easier for user-assisted remote attackers to obtain credentials by sniffing the network at a time when an http URL is used for a login...
CVE-2011-1404
Mahara before 1.3.6 does not properly restrict the data in responses to AJAX calls, which allows remote authenticated users to obtain sensitive information via a request associated with 1 blocktype/myfriends/myfriends.json.php, 2 json/usersearch.php, 3 group/membersearchresults.json.php, or 4...