FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-20 14:15:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8d10038e-515c-11df-83fb-0015587e2cc1joomla -- multiple vulnerabilities

Joomla! reported the following vulnerabilities:

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system..

The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.

Session id doesn't get modified when user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie. If the user then logs in, the remote site can use that cookie to authenticate as that user.

When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability.


Discovery 2010-04-23
Entry 2010-04-26
joomla15
>= 1.5.1 le 1.5.15

http://developer.joomla.org/security/news/308-20100423-core-password-reset-tokens.html
http://developer.joomla.org/security/news/309-20100423-core-sessation-fixation.html
http://developer.joomla.org/security/news/310-20100423-core-installer-migration-script.html
http://developer.joomla.org/security/news/311-20100423-core-negative-values-for-limit-and-offset.html
739b94a4-838b-11de-938e-003048590f9ejoomla15 -- com_mailto Timeout Issue

Joomla! Security Center reports:

In com_mailto, it was possible to bypass timeout protection against sending automated emails.


Discovery 2009-07-22
Entry 2009-08-07
Modified 2009-08-11
joomla15
< 1.5.14

http://developer.joomla.org/security.html
http://secunia.com/advisories/36097/