FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

11351c82-9909-11e5-a9c8-14dae9d5a9d2    piwik -- multiple vulnerabilities

Piwik changelog reports:

This release is rated critical. We are grateful for Security researchers who disclosed security issues privately to the Piwik Security Response team: Elamaran Venkatraman, Egidio Romano and Dmitriy Shcherbatov. The following vulnerabilities were fixed: XSS, CSRF, possible file inclusion in older PHP versions (low impact), possible Object Injection Vulnerability (low impact).


Discovery 2015-11-17
Entry 2015-12-02
piwik
< 2.15.0

CVE-2015-7815
CVE-2015-7816
http://piwik.org/changelog/piwik-2-15-0/
22775cdd-395a-11e6-b3c8-14dae9d210b8    piwik -- XSS vulnerability

Piwik reports:

The Piwik Security team is grateful for the responsible disclosures by our security researchers: Egidio Romano (granted a critical security bounty), James Kettle and Paweł Bartunek (XSS) and Emanuel Bronshtein (limited XSS).


Discovery 2016-04-11
Entry 2016-06-23
piwik
< 2.16.1

http://piwik.org/changelog/piwik-2-16-1/
23c8423e-9bff-11e0-8ea2-0019d18c446a    Piwik -- remote command execution vulnerability

The Piwik security advisory reports:

The Piwik 1.5 release addresses a critical security vulnerability, which affects all Piwik users that have granted some access to the "anonymous" user.

Piwik contains a remotely exploitable vulnerability that could allow a remote attacker to execute arbitrary code. Only installations that have granted untrusted view access to their stats (i.e. grant "view" access to a website to anonymous) are at risk.


Discovery 2011-06-21
Entry 2011-06-21
piwik
>= 1.2, < 1.5

ports/158084
http://piwik.org/blog/2011/06/piwik-1-5-security-advisory/
26e1c48a-9fa7-11df-81b5-00e0814cab4e    Piwik -- Local File Inclusion Vulnerability

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern in a crafted request for a data renderer.

A vulnerability has been reported in Piwik, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to unspecified parameters when requesting a data renderer is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.


Discovery 2010-07-28
Entry 2010-08-04
piwik
> 0.6, < 0.6.3

CVE-2010-2786
http://secunia.com/advisories/40703
28bf62ef-5e2c-11e6-a15f-00248c0c745d    piwik -- XSS vulnerability

Piwik reports:

We have identified and fixed several XSS security issues in this release.


Discovery 2016-08-03
Entry 2016-08-09
piwik
< 2.16.2

411ecb79-f9bc-11e0-a7e6-6c626dd55a41    piwik -- unknown critical vulnerabilities

Secunia reports:

Multiple vulnerabilities with an unknown impact have been reported in Piwik. The vulnerabilities are caused due to unspecified errors. No further information is currently available.


Discovery 2011-10-18
Entry 2011-10-20
piwik
> 1.1, < 1.6

http://secunia.com/advisories/46461/
http://piwik.org/blog/2011/10/piwik-1-6/
c0869649-5a0c-11df-942d-0015587e2cc1    piwik -- cross site scripting vulnerability

The Piwik security advisory reports:

A non-persistent, cross-site scripting vulnerability (XSS) was found in Piwik's Login form that reflected the form_url parameter without being properly escaped or filtered.


Discovery 2010-04-15
Entry 2010-05-07
piwik
<= 0.5.5

CVE-2010-1453
http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/
da317bc9-59a6-11e1-bc16-0023ae8e59f0    piwik -- xss and click-jacking issues

The Piwik Team reports:

We would like to thank the following security researchers for their responsible disclosure of XSS and click-jacking issues: Piotr Duszynski, Sergey Markov, Mauro Gentile.


Discovery 2012-02-16
Entry 2012-02-16
piwik
< 1.7

http://piwik.org/blog/2012/02/7775/
fcbf56dd-e667-11de-920a-00248c9b4be7    piwik -- php code execution

Secunia reports:

Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the core/Cookie.php script using "unserialize()" with user controlled input. This can be exploited to e.g. execute arbitrary PHP code via the "__wakeup()" or "__destruct()" methods of a serialized object passed via an HTTP cookie.


Discovery 2009-12-10
Entry 2009-12-11
Modified 2010-05-02
piwik
< 0.5.1

CVE-2009-4137
http://secunia.com/advisories/37649/
http://www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html
http://piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/