FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3caf4e6c-4cef-11e6-a15f-00248c0c745d	typo3 -- Missing access check in Extbase TYPO3 reports: Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute. Discovery 2016-05-24 Entry 2016-07-18 typo3 < 7.6.8 typo3-lts < 6.2.24 CVE-2016-5091 https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/ https://wiki.typo3.org/TYPO3_CMS_7.6.8 https://wiki.typo3.org/TYPO3_CMS_6.2.24
a0d77bc8-c6a7-11e5-96d6-14dae9d210b8	typo3 -- multiple vulnerabilities TYPO3 Security Team reports: It has been discovered that TYPO3 CMS is susceptible to Cross-Site Scripting and Cross-Site Flashing. Discovery 2015-12-15 Entry 2016-01-29 typo3 < 7.6.1 typo3-lts < 6.2.16 http://lists.typo3.org/pipermail/typo3-announce/2015/000351.html https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/ https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/ https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/ https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/ https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/ https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/

VuXML ID

Description

3caf4e6c-4cef-11e6-a15f-00248c0c745d

typo3 -- Missing access check in Extbase

TYPO3 reports:

Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.

Discovery 2016-05-24
Entry 2016-07-18
typo3

< 7.6.8

typo3-lts

< 6.2.24

CVE-2016-5091
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
https://wiki.typo3.org/TYPO3_CMS_7.6.8
https://wiki.typo3.org/TYPO3_CMS_6.2.24

a0d77bc8-c6a7-11e5-96d6-14dae9d210b8

typo3 -- multiple vulnerabilities

TYPO3 Security Team reports:

It has been discovered that TYPO3 CMS is susceptible to Cross-Site Scripting and Cross-Site Flashing.

Discovery 2015-12-15
Entry 2016-01-29
typo3

< 7.6.1

typo3-lts

< 6.2.16

http://lists.typo3.org/pipermail/typo3-announce/2015/000351.html
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/