This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-29 17:22:06 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
03653079-8594-11d9-afa0-003048705d5a | phpbb -- multiple information disclosure vulnerabilities psoTFX reports:
The ChangeLog for phpBB 2.0.12 states:
Discovery 2005-02-22 Entry 2005-02-23 Modified 2005-02-25 phpbb < 2.0.12 http://www.phpbb.com/support/documents.php?mode=changelog http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=265423 ports/77943 |
28c9243a-72ed-11da-8c1d-000e0c2e438a | phpbb -- multiple vulnerabilities Multiple vulnerabilities have been reported within phpbb. phpbb is proven vulnerable to:
Discovery 2005-10-24 Entry 2006-02-16 phpbb zh-phpbb-tw < 2.0.18 15170 15243 CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537 http://marc.theaimsgroup.com/?l=bugtraq&m=113017003617987 http://www.hardened-php.net/advisory_172005.75.html |
326c517a-d029-11d9-9aed-000e0c2e438a | phpbb -- multiple vulnerabilities phpBB is vulnerable to remote exploitation of an input validation vulnerability allows attackers to read the contents of arbitrary system files under the privileges of the webserver. This also allows remote attackers to unlink arbitrary system files under the privileges of the webserver. Discovery 2005-02-22 Entry 2005-07-09 phpbb < 2.0.12 12618 12621 12623 CVE-2005-0258 CVE-2005-0259 http://security.gentoo.org/glsa/glsa-200503-02.xml http://www.idefense.com/application/poi/display?id=205&type=vulnerabilities http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities |
4a0b334d-8d8d-11d9-afa0-003048705d5a | phpbb -- Insuffient check against HTML code in usercp_register.php Neo Security Team reports:
This is a low risk vulnerability that allows users to bypass forum-wide configuration. Discovery 2005-02-28 Entry 2005-03-05 Modified 2005-03-07 phpbb le 2.0.13 http://marc.theaimsgroup.com/?l=bugtraq&m=110987231502274 http://marc.theaimsgroup.com/?l=bugtraq&m=110988400407204 |
4afacca1-eb9d-11d9-a8bd-000cf18bbe54 | phpbb -- remote PHP code execution vulnerability FrSIRT Advisory reports:
Discovery 2005-06-28 Entry 2005-07-03 Modified 2005-07-07 phpbb < 2.0.16 CVE-2005-2086 http://www.frsirt.com/english/advisories/2005/0904 http://www.phpbb.com/phpBB/viewtopic.php?t=302011 |
53e711ed-8972-11d9-9ff8-00306e01dda2 | phpbb -- privilege elevation and path disclosure The phpbb developer group reports:
Discovery 2005-02-27 Entry 2005-02-28 Modified 2005-03-05 phpbb < 2.0.13 http://www.phpbb.com/phpBB/viewtopic.php?t=267563 12678 |
70f5b3c6-80f0-11d8-9645-0020ed76ef5a | Critical SQL injection in phpBB Anyone can get admin's username and password's md5 hash via a single web request. A working example is provided in the advisory. Discovery 2004-03-26 Entry 2004-03-28 phpbb le 2.0.8 http://marc.theaimsgroup.com/?l=bugtraq&m=108032454818873 9984 |
86526ba4-53c8-11db-8f1a-000a48049292 | phpbb -- NULL byte injection vulnerability Secunia reports:
Discovery 2006-09-12 Entry 2006-10-04 Modified 2006-12-24 phpbb zh-phpbb-tw < 2.0.22 20347 CVE-2006-4758 http://secunia.com/advisories/22188/ http://xforce.iss.net/xforce/xfdb/28884 http://www.security.nnov.ru/Odocument221.html |
a56a72bb-9f72-11d8-9585-0020ed76ef5a | phpBB session table exhaustion The includes/sessions.php unnecessarily adds session item into session table and therefore vulnerable to a denial-of-service attack. Discovery 2004-03-05 Entry 2004-05-06 phpbb le 2.0.8_2 http://marc.theaimsgroup.com/?l=bugtraq&m=108256462710010 |
c551ae17-7f00-11d8-868e-000347dd607f | multiple vulnerabilities in phpBB Users with admin rights can severly damage an phpBB installation, potentially triggered by viewing a page with a malicious link sent by an attacker. Discovery 2004-03-20 Entry 2004-03-26 Modified 2004-03-29 phpbb < 2.0.8 http://www.gulftech.org/03202004.php http://www.phpbb.com/phpBB/viewtopic.php?t=183982 9942 |
cfe17ca6-6858-4805-ba1d-a60a61ec9b4d | phpBB IP address spoofing The common.php script always trusts the `X-Forwarded-For' header in the client's HTTP request. A remote user could forge this header in order to bypass any IP address access control lists (ACLs). Discovery 2004-04-18 Entry 2004-04-23 phpbb le 2.0.8_2 http://marc.theaimsgroup.com/?l=bugtraq&m=108239864203144 |
e3cf89f0-53da-11d9-92b7-ceadd4ac2edd | phpbb -- arbitrary command execution and other vulnerabilities The ChangeLog for phpBB 2.0.11 states:
Additionally, a US-CERT Technical Cyber Security Alert reports:
Discovery 2004-11-18 Entry 2004-12-22 Modified 2005-01-24 phpbb < 2.0.11 CVE-2004-1315 ports/74106 TA04-356A 497400 http://www.phpbb.com/support/documents.php?mode=changelog http://marc.theaimsgroup.com/?l=bugtraq&m=110029415208724 http://marc.theaimsgroup.com/?l=bugtraq&m=110079436714518 http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636 |