FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f98dea27-d687-11dd-abd1-0050568452actwiki -- multiple vulnerabilities

Marc Schoenefeld and Steve Milner of RedHat SRT and Peter Allor of IBM ISS report:

XSS vulnerability with URLPARAM variable

SEARCH variable allows arbitrary shell command execution


Discovery 2008-12-05
Entry 2008-12-30
twiki
< 4.2.4,1

32668
32669
CVE-2008-5304
CVE-2008-5305
http://secunia.com/advisories/33040
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5304
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-5305
http://www.securitytracker.com/alerts/2008/Dec/1021351.html
http://www.securitytracker.com/alerts/2008/Dec/1021352.html
https://www.it-isac.org/postings/cyber/alertdetail.php?id=4513
http://xforce.iss.net/xforce/xfdb/45293
21ce1840-6107-11e4-9e84-0022156e8794twiki -- remote Perl code execution

TWiki developers report:

The debugenableplugins request parameter allows arbitrary Perl code execution.

Using an HTTP GET request towards a TWiki server, add a specially crafted debugenableplugins request parameter to TWiki's view script (typically port 80/TCP). Prior authentication may or may not be necessary.

A remote attacker can execute arbitrary Perl code to view and modify any file the webserver user has access to.

Example: http://www.example.com/do/view/Main/WebHome?debugenableplugins=BackupRestorePlugin%3bprint("Content-Type:text/html\r\n\r\nVulnerable!")%3bexit

The TWiki site is vulnerable if you see a page with text "Vulnerable!".


Discovery 2014-10-09
Entry 2014-10-31
twiki
< 5.1.4_1,1

CVE-2014-7236
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236