FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 19:03:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
93688f8f-4935-11e1-89b4-001ec9578670	postfixadmin -- Multiple Vulnerabilities The Postfix Admin Team reports: Multiple XSS vulnerabilities exist: - XSS with $_GET[domain] in templates/menu.php and edit-vacation - XSS in some create-domain input fields - XSS in create-alias and edit-alias error message - XSS (by values stored in the database) in fetchmail list view, list-domain and list-virtual Multiple SQL injection issues exist: - SQL injection in pacrypt() (if $CONF[encrypt] == 'mysql_encrypt') - SQL injection in backup.php - the dump was not mysql_escape()d, therefore users could inject SQL (for example in the vacation message) which will be executed when restoring the database dump. WARNING: database dumps created with backup.php from 2.3.4 or older might contain malicious SQL. Double-check before using them! Discovery 2012-01-27 Entry 2012-01-27 postfixadmin < 2.3.5 CVE-2012-0811 CVE-2012-0812 http://sourceforge.net/projects/postfixadmin/forums/forum/676076/topic/4977778
ff98087f-0a8f-11e4-b00b-5453ed2e2b49	postfixadmin -- SQL injection vulnerability Thijs Kinkhorst reports: Postfixadmin has an SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases. Discovery 2014-03-28 Entry 2014-07-13 Modified 2015-09-28 postfixadmin < 2.3.7 CVE-2014-2655 66455 ports/189248 http://www.openwall.com/lists/oss-security/2014/03/26/6 https://www.debian.org/security/2014/dsa-2889

VuXML ID

Description

93688f8f-4935-11e1-89b4-001ec9578670

postfixadmin -- Multiple Vulnerabilities

The Postfix Admin Team reports:

Multiple XSS vulnerabilities exist:

- XSS with $_GET[domain] in templates/menu.php and edit-vacation

- XSS in some create-domain input fields

- XSS in create-alias and edit-alias error message

- XSS (by values stored in the database) in fetchmail list view, list-domain and list-virtual

Multiple SQL injection issues exist:

- SQL injection in pacrypt() (if $CONF[encrypt] == 'mysql_encrypt')

- SQL injection in backup.php - the dump was not mysql_escape()d, therefore users could inject SQL (for example in the vacation message) which will be executed when restoring the database dump. WARNING: database dumps created with backup.php from 2.3.4 or older might contain malicious SQL. Double-check before using them!

Discovery 2012-01-27
Entry 2012-01-27
postfixadmin

< 2.3.5

CVE-2012-0811
CVE-2012-0812
http://sourceforge.net/projects/postfixadmin/forums/forum/676076/topic/4977778

ff98087f-0a8f-11e4-b00b-5453ed2e2b49

postfixadmin -- SQL injection vulnerability

Thijs Kinkhorst reports:

Postfixadmin has an SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases.

Discovery 2014-03-28
Entry 2014-07-13
Modified 2015-09-28
postfixadmin

< 2.3.7

CVE-2014-2655
66455
ports/189248
http://www.openwall.com/lists/oss-security/2014/03/26/6
https://www.debian.org/security/2014/dsa-2889