Mahara Community - Security Announcements

Mahara Community

Forums /
Security Announcements

Subscribe to this forum to be notified about security fixes.

Topic	Posts	Last post
Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon Mahara institutions that use LDAP for authentic...	1	01 August 2014, 12:13 by Robert Lyon
Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells Mahara uses the external HTML Purifier library ...	1	03 April 2014, 15:42 by Aaron Wells
Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells Suspended users can login via the "reset passwo...	1	03 April 2014, 15:35 by Aaron Wells
Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen Unauthorized access to a folder by group members	1	31 October 2013, 16:32 by Son Nguyen
Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells Category: Cross-site Scripting	1	03 October 2013, 22:59 by Aaron Wells
Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells Multiple Access Control Vulnerabilities in <1.5...	1	03 October 2013, 22:49 by Aaron Wells
Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells Potential compromise of stored passwords in RSS...	1	03 May 2013, 12:54 by Aaron Wells
Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells Stored XSS vulnerability in Mahara's usage of T...	1	15 April 2013, 18:18 by Aaron Wells
Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Account deleted Cross site scripting vulnerability in external ...	1	15 February 2013, 16:58 by Account deleted
Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Account deleted Cross-site Scripting Vulnerability	1	15 February 2013, 16:38 by Account deleted
Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Account deleted Cross-site Scripting Vulnerability Category:...	2	23 November 2012, 16:16 by Account deleted
Closed Click Jacking Vulnerability by Account deleted Click Jacking Vulnerability	1	09 October 2012, 23:19 by Account deleted
Closed Cross-site Scripting Vulnerability by Account deleted Cross-site Scripting Vulnerability	1	09 October 2012, 23:17 by Account deleted
Closed Multiple Cross-site Scripting Vulnerabilities by Account deleted Multiple Cross-site Scripting Vulnerabilities	1	09 October 2012, 23:16 by Account deleted
Closed Remote Code Execution Vulnerability by Account deleted Remote Code Execution Vulnerability	1	09 October 2012, 23:13 by Account deleted
Closed Conclusion of the Security Bug Bounty by Kristina Hoeppner Hello,	1	04 October 2012, 21:13 by Kristina Hoeppner
Closed XML External Entities Vulnerability in versions 1.4.3 and 1.5.2 by Account deleted XML External Entities Vulnerability in versions...	1	13 September 2012, 20:53 by Account deleted
Closed Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1 by Account deleted Multiple Cross-site Scripting Vulnerabilities i...	1	31 July 2012, 1:45 by Account deleted
Closed Insecure defaults in SAML plugin by François Marier This security issue only affects sites which ma...	1	15 February 2012, 20:52 by François Marier
Closed Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6 by François Marier Category: Privilege Escalation Seve...	1	03 November 2011, 17:56 by François Marier
Closed Cross-site Request Forgery in Mahara 1.4.0 and 1.3.6 by François Marier Category: Cross-site Request Forgery ...	1	03 November 2011, 17:52 by François Marier
Closed Cross-site Scripting in Mahara 1.4.0 and 1.3.6 by François Marier Category: Cross-site Scripting Seve...	1	03 November 2011, 17:48 by François Marier
Closed Information Disclosure in Mahara 1.4.0 and 1.3.6 by François Marier Category: Information Disclosure Se...	1	03 November 2011, 17:46 by François Marier
Closed Denial of Service in Mahara 1.4.0 and 1.3.6 by François Marier Category: Denial of Service Severit...	1	03 November 2011, 17:42 by François Marier
Closed HTTPS downgrade in Mahara 1.2.8 and 1.3.5 by François Marier Category: HTTPS to HTTP downgrade S...	1	09 May 2011, 21:06 by François Marier

122 topics

Group administrators:

Robert Lyon

Kristina Hoeppner

Moderators:

Doris ⚡

Portfolios for your learning community

Create portfolios

Engage with others

Listen to portfolio stories

Forums | Mahara Community

Forums /
Security Announcements

Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon

Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen

Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells

Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells

Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Account deleted

Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Account deleted

Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Account deleted

Closed Click Jacking Vulnerability by Account deleted

Closed Cross-site Scripting Vulnerability by Account deleted

Closed Multiple Cross-site Scripting Vulnerabilities by Account deleted

Closed Remote Code Execution Vulnerability by Account deleted

Closed Conclusion of the Security Bug Bounty by Kristina Hoeppner

Closed XML External Entities Vulnerability in versions 1.4.3 and 1.5.2 by Account deleted

Closed Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1 by Account deleted

Closed Insecure defaults in SAML plugin by François Marier

Closed Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6 by François Marier

Closed Cross-site Request Forgery in Mahara 1.4.0 and 1.3.6 by François Marier

Closed Cross-site Scripting in Mahara 1.4.0 and 1.3.6 by François Marier

Closed Information Disclosure in Mahara 1.4.0 and 1.3.6 by François Marier

Closed Denial of Service in Mahara 1.4.0 and 1.3.6 by François Marier

Closed HTTPS downgrade in Mahara 1.2.8 and 1.3.5 by François Marier

Subscribe to our monthly newsletter

Portfolios for your learning community

Create portfolios

Share work

Engage with others

Listen to portfolio stories

Forums | Mahara Community

Forums / Security Announcements

Closed Security issues relating to passwords <1.7.7, <1.8.4, <1.9.2 by Robert Lyon

Closed Security issues in HTML Purifier external library in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Closed Suspended user access vulnerability in <1.6.9, <1.7.5, <1.8.2 by Aaron Wells

Closed Access Folder Artefact Vulnerabilities in <1.5.13, <1.6.8, <1.7.4 by Son Nguyen

Closed Cross-site Scripting Vulnerability in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Closed Multiple Access Control Vulnerabilities in <1.5.12, <1.6.7, <1.7.3 by Aaron Wells

Closed RSS feed password vulnerability <1.5.10, <1.6.5, <1.7.1 by Aaron Wells

Closed Cross-site Scripting Vulnerability <1.5.9, <1.6.4 by Aaron Wells

Closed External vulnerability in Mahara flowplayer in <1.5.8 and <1.6.3 by Account deleted

Closed Cross-site Scripting vulnerability in Mahara <1.5.8 and <1.6.3 by Account deleted

Closed Cross-site Scripting Vulnerability < 1.5.7, < 1.6.2 by Account deleted

Closed Click Jacking Vulnerability by Account deleted

Closed Cross-site Scripting Vulnerability by Account deleted

Closed Multiple Cross-site Scripting Vulnerabilities by Account deleted

Closed Remote Code Execution Vulnerability by Account deleted

Closed Conclusion of the Security Bug Bounty by Kristina Hoeppner

Closed XML External Entities Vulnerability in versions 1.4.3 and 1.5.2 by Account deleted

Closed Multiple Cross-site Scripting Vulnerabilities in versions 1.4.2 and 1.5.1 by Account deleted

Closed Insecure defaults in SAML plugin by François Marier

Closed Privilege Escalation (MNet) in Mahara 1.4.0 and 1.3.6 by François Marier

Closed Cross-site Request Forgery in Mahara 1.4.0 and 1.3.6 by François Marier

Closed Cross-site Scripting in Mahara 1.4.0 and 1.3.6 by François Marier

Closed Information Disclosure in Mahara 1.4.0 and 1.3.6 by François Marier

Closed Denial of Service in Mahara 1.4.0 and 1.3.6 by François Marier

Closed HTTPS downgrade in Mahara 1.2.8 and 1.3.5 by François Marier

Subscribe to our monthly newsletter

Forums /
Security Announcements