FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-18 00:09:58 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 9ee72858-4159-11e5-93ad-002590263bf5
Description: froxlor -- database password information leak

oss-security-list@demlak.de reports:

An unauthenticated remote attacker is able to get the database password via web access due to wrong file permissions of the /logs/ folder in froxlor version 0.9.33.1 and earlier. The plain SQL password and username may be stored in the /logs/sql-error.log file. This directory is publicly reachable under the default configuration/setup.

Note that froxlor 0.9.33.2 prevents future logging of passwords but does not retroactively remove passwords already logged.

Michael Kaufmann, the Froxlor lead developer, reports:

Removing all .log files from the directory should do the job; alternatively, just use the class.ConfigIO.php from GitHub.


Discovery: 2015-07-29
Entry: 2015-08-13
Affected: froxlor < 0.9.33.2

CVE-2015-5959
ports/202262
http://seclists.org/oss-sec/2015/q3/238
https://forum.froxlor.org/index.php/topic/13054-important-bugfix-release-09332/