FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-14 21:31:10 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
cebd05d6-ed7b-11e7-95f2-005056925db4	OTRS -- Multiple vulnerabilities OTRS reports: An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user. An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal article information of their customer tickets. An attacker who is logged into OTRS as an agent can manipulate form parameters and execute arbitrary shell commands with the permissions of the OTRS or web server user. An attacker can send a specially prepared email to an OTRS system. If this system has cookie support disabled, and a logged in agent clicks a link in this email, the session information could be leaked to external systems, allowing the attacker to take over the agentâs session. Discovery 2017-11-21 Entry 2017-12-30 otrs < 5.0.26 CVE-2017-16664 CVE-2017-16854 CVE-2017-16921 ports/224729 https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/ https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/ https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/ https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
1e7f0c11-673a-11e5-98c8-60a44c524f57	otrs -- Scheduler Process ID File Access The OTRS project reports: An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI. The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file. Discovery 2015-09-17 Entry 2015-09-30 otrs > 3.2.* lt 3.2.18 > 3.3.* lt 3.3.15 > 4.0.* lt 4.0.13 https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-access/ CVE-2015-6842 CVE-2013-7135

VuXML ID

Description

cebd05d6-ed7b-11e7-95f2-005056925db4

OTRS -- Multiple vulnerabilities

OTRS reports:

An attacker who is logged into OTRS as an agent can request special URLs from OTRS which can lead to the execution of shell commands with the permissions of the web server user.

An attacker who is logged into OTRS as a customer can use the ticket search form to disclose internal article information of their customer tickets.

An attacker who is logged into OTRS as an agent can manipulate form parameters and execute arbitrary shell commands with the permissions of the OTRS or web server user.

An attacker can send a specially prepared email to an OTRS system. If this system has cookie support disabled, and a logged in agent clicks a link in this email, the session information could be leaked to external systems, allowing the attacker to take over the agentâs session.

Discovery 2017-11-21
Entry 2017-12-30
otrs

< 5.0.26

CVE-2017-16664
CVE-2017-16854
CVE-2017-16921
ports/224729
https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/

1e7f0c11-673a-11e5-98c8-60a44c524f57

otrs -- Scheduler Process ID File Access

The OTRS project reports:

An attacker with valid LOCAL credentials could access and manipulate the process ID file for bin/otrs.schduler.pl from the CLI.

The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.

Discovery 2015-09-17
Entry 2015-09-30
otrs

> 3.2.* lt 3.2.18

> 3.3.* lt 3.3.15

> 4.0.* lt 4.0.13

https://www.otrs.com/security-advisory-2015-02-scheduler-process-id-file-access/
CVE-2015-6842
CVE-2013-7135