FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
21ce1840-6107-11e4-9e84-0022156e8794	twiki -- remote Perl code execution TWiki developers report: The debugenableplugins request parameter allows arbitrary Perl code execution. Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script (typically port 80/TCP). Prior authentication may or may not be necessary. A remote attacker can execute arbitrary Perl code to view and modify any file the webserver user has access to. Example: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit The TWiki site is vulnerable if you see a page with text "Vulnerable!". Discovery 2014-10-09 Entry 2014-10-31 twiki < 5.1.4_1,1 CVE-2014-7236 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
f98dea27-d687-11dd-abd1-0050568452ac	twiki -- multiple vulnerabilities Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report: XSS vulnerability with URLPARAM variable SEARCH variable allows arbitrary shell command execution Discovery 2008-12-05 Entry 2008-12-30 twiki < 4.2.4,1 32668 32669 CVE-2008-5304 CVE-2008-5305 http://secunia.com/advisories/33040 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305 http://www.securitytracker.com/alerts/2008/Dec/1021351.html http://www.securitytracker.com/alerts/2008/Dec/1021352.html https://www.it-isac.org/postings/cyber/alertdetail.php?id=4513 http://xforce.iss.net/xforce/xfdb/45293

VuXML ID

Description

21ce1840-6107-11e4-9e84-0022156e8794

twiki -- remote Perl code execution

TWiki developers report:

The debugenableplugins request parameter allows arbitrary Perl code execution.

Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script (typically port 80/TCP). Prior authentication may or may not be necessary.

A remote attacker can execute arbitrary Perl code to view and modify any file the webserver user has access to.

Example: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit

The TWiki site is vulnerable if you see a page with text "Vulnerable!".

Discovery 2014-10-09
Entry 2014-10-31
twiki

< 5.1.4_1,1

CVE-2014-7236
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236

f98dea27-d687-11dd-abd1-0050568452ac

twiki -- multiple vulnerabilities

Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report:

XSS vulnerability with URLPARAM variable

SEARCH variable allows arbitrary shell command execution

Discovery 2008-12-05
Entry 2008-12-30
twiki

< 4.2.4,1

32668
32669
CVE-2008-5304
CVE-2008-5305
http://secunia.com/advisories/33040
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
http://www.securitytracker.com/alerts/2008/Dec/1021351.html
http://www.securitytracker.com/alerts/2008/Dec/1021352.html
https://www.it-isac.org/postings/cyber/alertdetail.php?id=4513
http://xforce.iss.net/xforce/xfdb/45293