This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-12-18 19:03:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
d4a7054a-6d96-11d9-a9e7-0001020eed82 | yamt -- arbitrary command execution vulnerability Manigandan Radhakrishnan discovered a security
vulnerability in YAMT which can lead to execution of
arbitrary commands with the privileges of the user running
YAMT when sorting based on MP3 tags. The problem exist in
the Discovery 2004-12-15 Entry 2005-01-23 Modified 2005-01-25 yamt < 0.5_2 11999 CVE-2004-1302 http://tigger.uic.edu/~jlongs2/holes/yamt.txt |
99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93 | yamt -- buffer overflow and directory traversal issues Stanislav Brabec discovered errors in yamt's path name handling that lead to buffer overflows and directory traversal issues. When processing a file with a maliciously crafted ID3 tag, yamt might overwrite arbitrary files or possibly execute arbitrary code. The SuSE package ChangeLog contains:
Discovery 2005-01-20 Entry 2005-06-03 yamt < 0.5_2 CVE-2005-1846 CVE-2005-1847 http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm |