This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-05-25 07:15:41 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
7e580822-8cd8-11d9-8c81-000a95bc6fae | postnuke -- cross-site scripting (XSS) vulnerabilities A cross-site scripting vulnerability is present in the PostNuke PHP content management system. By passing data injected through exploitable errors in input validation, an attacker can insert code which will run on the machine of anybody viewing the page. It is feasible that this attack could be used to retrieve session information from cookies, thereby allowing the attacker to gain administrative access to the CMS. Discovery 2005-02-28 Entry 2005-03-04 postnuke < 0.760 CVE-2005-0616 http://marc.theaimsgroup.com/?l=bugtraq&m=110962768300373 http://news.postnuke.com/Article2669.html |
0274a9f1-0759-11da-bc08-0001020eed82 | postnuke -- multiple vulnerabilities Postnuke Security Announcementss reports of the following vulnerabilities:
Discovery 2005-05-27 Entry 2005-08-08 postnuke < 0.760 CVE-2005-1621 CVE-2005-1695 CVE-2005-1696 CVE-2005-1698 CVE-2005-1777 CVE-2005-1778 CVE-2005-1921 http://marc.theaimsgroup.com/?l=bugtraq&m=111721364707520 http://secunia.com/advisories/15450/ http://news.postnuke.com/Article2691.html http://news.postnuke.com/Article2699.html |
f3eec2b5-8cd8-11d9-8066-000a95bc6fae | postnuke -- SQL injection vulnerabilities Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system (to view all files within the PHP scope, for instance). Various other SQL injection vulnerabilities exist, which give attackers the ability to run SQL queries on any tables within the database. Discovery 2005-02-28 Entry 2005-03-04 postnuke < 0.760 CVE-2005-0617 CVE-2005-0615 http://marc.theaimsgroup.com/?l=bugtraq&m=110962710805864 http://marc.theaimsgroup.com/?l=bugtraq&m=110962819232255 http://news.postnuke.com/Article2669.html |
35f2679f-52d7-11db-8f1a-000a48049292 | postnuke -- admin section SQL injection ISS X-Force reports:
Discovery 2006-09-29 Entry 2006-10-03 Modified 2007-11-17 postnuke < 0.763 20317 CVE-2006-5121 http://xforce.iss.net/xforce/xfdb/29271 http://www.securityfocus.com/archive/1/archive/1/447361/100/0/threaded http://secunia.com/advisories/22197/ |