Categories
NVD NVD Nist GOV

NVD – CVE-2004-2776

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2007-0158

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2011-1474

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2012-2237

CVE-2012-2237 Detail

Current Description

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.

Source:  MITRE
View Analysis Description

Analysis Description

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x before 1.4.3 and 1.5.x before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript innerHTML as used when generating login forms, (2) links or (3) resources URLs, and (4) the Display name in a user profile.

Source:  MITRE

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Weakness Enumeration

CWE-ID CWE Name Source
CWE-79 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )

 cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
     Show Matching CPE(s)
From (including)
1.4.0
Up to (excluding)
1.4.3
 cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
     Show Matching CPE(s)
From (including)
1.5.0
Up to (excluding)
1.5.2

Configuration 2 ( hide )

Change History

1 change record found – show changes

Initial Analysis12/21/2019 9:02:20 AM

Action Type Old Value New Value
Added CPE Configuration
OR
     *cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:* versions from (including) 1.4.0 up to (excluding) 1.4.3
     *cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:* versions from (including) 1.5.0 up to (excluding) 1.5.2
Added CPE Configuration
OR
     *cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Added CVSS V2
NIST (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Added CVSS V2 Metadata
Victim must voluntarily interact with attack mechanism
Added CVSS V3.1
NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Added CWE
NIST CWE-79
Changed Reference Type
http://www.debian.org/security/2012/dsa-2540 No Types Assigned
http://www.debian.org/security/2012/dsa-2540 Third Party Advisory
Changed Reference Type
https://bugs.launchpad.net/mahara/+bug/1009774 No Types Assigned
https://bugs.launchpad.net/mahara/+bug/1009774 Exploit, Third Party Advisory
Changed Reference Type
https://bugs.launchpad.net/mahara/+bug/1009777 No Types Assigned
https://bugs.launchpad.net/mahara/+bug/1009777 Exploit, Third Party Advisory
Changed Reference Type
https://bugs.launchpad.net/mahara/+bug/1009784 No Types Assigned
https://bugs.launchpad.net/mahara/+bug/1009784 Exploit, Patch, Third Party Advisory
Changed Reference Type
https://mahara.org/interaction/forum/topic.php?id=4748 No Types Assigned
https://mahara.org/interaction/forum/topic.php?id=4748 Patch, Vendor Advisory

Quick Info

CVE Dictionary Entry:
CVE-2012-2237
NVD Published Date:
12/17/2019
NVD Last Modified:
12/21/2019

Categories
NVD NVD Nist GOV

NVD – CVE-2012-2312

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2012-2656

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2012-3409

CVE-2012-3409 Detail

Awaiting Analysis


This vulnerability is currently awaiting analysis.

Description

ecryptfs-utils: suid helper does not restrict mounting filesystems with nosuid,nodev which creates a possible privilege escalation

Source:  MITRE

Severity

CVSS 3.x Severity and Metrics:

CVSS 2.0 Severity and Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Weakness Enumeration

Quick Info

CVE Dictionary Entry:
CVE-2012-3409
NVD Published Date:
12/20/2019
NVD Last Modified:
12/20/2019

Categories
NVD NVD Nist GOV

NVD – CVE-2012-5639

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2012-6094

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Categories
NVD NVD Nist GOV

NVD – CVE-2012-6111

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].