FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-16 12:24:49 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID 8d10038e-515c-11df-83fb-0015587e2cc1
Description joomla -- multiple vulnerabilities

Joomla! reported the following vulnerabilities:

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.

The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.

The session ID doesn't get modified when a user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie. If the user then logs in, the remote site can use that cookie to authenticate as that user.

When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability.


Discovery 2010-04-23
Entry 2010-04-26
Affected package: joomla15 >= 1.5.1, <= 1.5.15

http://developer.joomla.org/security/news/308-20100423-core-password-reset-tokens.html
http://developer.joomla.org/security/news/309-20100423-core-sessation-fixation.html
http://developer.joomla.org/security/news/310-20100423-core-installer-migration-script.html
http://developer.joomla.org/security/news/311-20100423-core-negative-values-for-limit-and-offset.html