FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
1f655433-551b-11eb-9cda-589cfc0f81b0  phpmyfaq -- XSS vulnerability

phpmyfaq developers report:

phpMyFAQ does not implement sufficient checks to avoid XSS injection for displaying tags.


Discovery 2020-12-23
Entry 2021-01-12
phpmyfaq
<= 3.0.6

https://www.phpmyfaq.de/security/advisory-2020-12-23
439f3f81-7a49-11ed-97ac-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

an authenticated SQL injection when adding categories in the admin backend

a stored cross-site scripting vulnerability in the category name

a stored cross-site scripting vulnerability in the admin logging

a stored cross-site scripting vulnerability in the FAQ title

a PostgreSQL based SQL injection for the lang parameter

a SQL injection when storing an instance name in the admin backend

a SQL injection when adding attachments in the admin backend

a stored cross-site scripting vulnerability when adding users by admins

a missing "secure" flag for cookies when using TLS

a cross-site request forgery / cross-site scripting vulnerability when saving new questions

a reflected cross-site scripting vulnerability in the admin backend


Discovery 2022-12-11
Entry 2022-12-12
phpmyfaq
< 3.1.9

https://huntr.dev/bounties/a1649f43-78c9-4927-b313-36911872a84b/
https://huntr.dev/bounties/2ec4ddd4-de22-4f2d-ba92-3382b452bfea/
https://huntr.dev/bounties/5915ed4c-5fe2-42e7-8fac-5dd0d032727c/
https://huntr.dev/bounties/5944f154-c0ab-4547-9d9d-3101e86eb975/
https://huntr.dev/bounties/315aa78d-7bd2-4b14-86f2-b5c211e62034/
https://huntr.dev/bounties/eb3a8ea3-daea-4555-a3e6-80b82f533792/
https://huntr.dev/bounties/faac0c92-8d4b-4901-a933-662b661a3f99/
https://huntr.dev/bounties/56499a60-2358-41fe-9b38-8cb23cdfc17c/
https://huntr.dev/bounties/f531bbf2-32c8-4efe-8156-ae9bc6b5d3aa/
https://huntr.dev/bounties/322c12b1-08d5-4ee3-9d94-d4bb40366c7a/
https://huntr.dev/bounties/f2857bc7-8fbc-489a-9a38-30b93300eec5/
3b86583a-66a7-11e3-868f-0025905a4771  phpmyfaq -- arbitrary PHP code execution vulnerability

The phpMyFAQ team reports:

Secunia noticed while analysing the advisory that authenticated users with "Right to add attachments" are able to exploit an already publicly known issue in the bundled Ajax File Manager of phpMyFAQ version 2.8.3, which leads to arbitrary PHP code execution for authenticated users with the permission "Right to add attachments".


Discovery 2013-11-26
Entry 2013-12-16
Modified 2013-12-17
phpmyfaq
< 2.8.4

http://en.securitylab.ru/lab/PT-2013-41
http://www.phpmyfaq.de/advisory_2013-11-26.php
c80a3d93-8632-11e1-a374-14dae9ebcf89  phpmyfaq -- Remote PHP Code Execution Vulnerability

The phpMyFAQ project reports:

The bundled ImageManager library allows injection of arbitrary PHP code to execute arbitrary PHP code and upload malware and trojan horses.


Discovery 2012-04-14
Entry 2012-04-14
phpmyfaq
< 2.7.5

http://www.phpmyfaq.de/advisory_2012-04-14.php
395e0faa-ffa7-11e0-8ac4-6c626dd55a41  phpmyfaq -- Remote PHP Code Injection Vulnerability

The phpMyFAQ project reports:

The phpMyFAQ Team has learned of a serious security issue that has been discovered in our bundled ImageManager library we use in phpMyFAQ 2.6 and 2.7. The bundled ImageManager library allows injection of arbitrary PHP code via POST requests.


Discovery 2011-10-25
Entry 2011-10-26
phpmyfaq
< 2.6.19

http://www.phpmyfaq.de/advisory_2011-10-25.php
http://forum.phpmyfaq.de/viewtopic.php?f=3&t=13402
4dd575b8-8f82-11e3-bb11-0025905a4771  phpmyfaq -- multiple vulnerabilities

The phpMyFAQ team reports:

An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally.


Discovery 2014-02-04
Entry 2014-02-06
phpmyfaq
< 2.8.6

CVE-2014-0813
CVE-2014-0814
http://www.phpmyfaq.de/advisory_2014-02-04.php
8b3be705-eba7-11ee-99b3-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports:

The phpMyFAQ Team has learned of multiple security issues that'd been discovered in phpMyFAQ 3.2.5 and earlier. phpMyFAQ contains cross-site scripting (XSS), SQL injection and bypass vulnerabilities.


Discovery 2024-03-25
Entry 2024-03-26
phpmyfaq-php81
phpmyfaq-php82
phpmyfaq-php83
< 3.2.6

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw
cbfc1591-c8c0-11ee-b45a-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports:

phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing attachment filenames. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account.


Discovery 2024-02-05
Entry 2024-02-11
phpmyfaq-php81
phpmyfaq-php82
phpmyfaq-php83
< 3.2.5

https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35
ddd3fcc9-2bdd-11ee-9af4-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

Cross Site Scripting vulnerability

CSV injection vulnerability


Discovery 2023-07-16
Entry 2023-08-23
phpmyfaq-php80
phpmyfaq-php81
phpmyfaq-php82
phpmyfaq-php83
< 3.1.16

https://huntr.dev/bounties/e891dcbc-2092-49d3-9518-23e37187a5ea/
https://huntr.dev/bounties/36149a42-cbd5-445e-a371-e351c899b189/
4f370c80-79ce-11ee-be8e-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

XSS

Insufficient session expiration


Discovery 2023-10-31
Entry 2023-11-02
phpmyfaq-php80
phpmyfaq-php81
phpmyfaq-php82
phpmyfaq-php83
< 3.2.2

CVE-2023-5863
CVE-2023-5865
https://nvd.nist.gov/vuln/detail/CVE-2023-5863
https://nvd.nist.gov/vuln/detail/CVE-2023-5865
https://huntr.com/bounties/fbfd4e84-61fb-4063-8f11-15877b8c1f6f/
https://huntr.com/bounties/4c4b7395-d9fd-4ca0-98d7-2e20c1249aff/
f87a9376-0943-11e6-8fc4-00a0986f28c4  phpmyfaq -- cross-site request forgery vulnerability

The phpMyFAQ team reports:

The vulnerability exists because the application does not properly verify the origin of HTTP requests in the "Interface Translation" functionality. A remote unauthenticated attacker can create a specially crafted malicious web page with a CSRF exploit, trick a logged-in administrator into visiting the page, spoof the HTTP request as if it was coming from the legitimate user, and inject and execute arbitrary PHP code on the target system with the privileges of the webserver.


Discovery 2016-04-11
Entry 2016-04-23
phpmyfaq
< 2.8.27

http://www.phpmyfaq.de/security/advisory-2016-04-11
https://www.htbridge.com/advisory/HTB23300
33888815-631e-4bba-b776-a9b46fe177b5  phpmyfaq -- multiple issues

phpmyfaq developers report:

Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the Questions field in an "Add New FAQ" action.

Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.


Discovery 2017-09-20
Entry 2017-09-29
phpmyfaq
<= 2.9.8

https://www.exploit-db.com/exploits/42761/
https://github.com/thorsten/phpMyFAQ/commit/30b0025e19bd95ba28f4eff4d259671e7bb6bb86
CVE-2017-14618
CVE-2017-14619
6bacd9fd-ca56-11ed-bc52-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

XSS

weak passwords

privilege escalation

Captcha bypass


Discovery 2023-03-20
Entry 2023-03-24
phpmyfaq
< 3.1.12

https://huntr.dev/bounties/e8109aed-d364-4c0c-9545-4de0347b10e1/
https://huntr.dev/bounties/39715aaf-e798-4c60-97c4-45f4f2cd5c61/
https://huntr.dev/bounties/01d6ae23-3a8f-42a8-99f4-10246187d71b/
https://huntr.dev/bounties/dda73cb6-9344-4822-97a1-2e31efb6a73e/
https://huntr.dev/bounties/529f2361-eb2e-476f-b7ef-4e561a712e28/
https://huntr.dev/bounties/1dc7f818-c8ea-4f80-b000-31b48a426334/
https://huntr.dev/bounties/e495b443-b328-42f5-aed5-d68b929b4cb9/
https://huntr.dev/bounties/ece5f051-674e-4919-b998-594714910f9e/
https://huntr.dev/bounties/93f981a3-231d-460d-a239-bb960e8c2fdc/
https://huntr.dev/bounties/e4a58835-96b5-412c-a17e-3ceed30231e1/
https://huntr.dev/bounties/b7d244b7-5ac3-4964-81ee-8dbb5bb5e33a/
https://huntr.dev/bounties/24c0a65f-0751-4ff8-af63-4b325ac8879f/
https://huntr.dev/bounties/3c2374cc-7082-44b7-a6a6-ccff7a650a3a/
https://huntr.dev/bounties/0854328e-eb00-41a3-9573-8da8f00e369c/
https://huntr.dev/bounties/2f1e417d-cf64-4cfb-954b-3a9cb2f38191/
https://huntr.dev/bounties/584a200a-6ff8-4d53-a3c0-e7893edff60c/
https://huntr.dev/bounties/bce84c02-abb2-474f-a67b-1468c9dcabb8/
https://huntr.dev/bounties/882ffa07-5397-4dbb-886f-4626859d711a/
https://huntr.dev/bounties/8ab09a1c-cfd5-4ce0-aae3-d33c93318957/
https://huntr.dev/bounties/2d0ac48a-490d-4548-8d98-7447042dd1b5/
bb528d7c-e2c6-11ed-a3e6-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

XSS

email address manipulation


Discovery 2023-04-23
Entry 2023-04-24
phpmyfaq
< 3.1.13

https://huntr.dev/bounties/20d3a0b3-2693-4bf1-b196-10741201a540/
https://huntr.dev/bounties/89005a6d-d019-4cb7-ae88-486d2d44190d/
https://huntr.dev/bounties/cee65b6d-b003-4e6a-9d14-89aa94bee43e/
https://huntr.dev/bounties/840c8d91-c97e-4116-a9f8-4ab1a38d239b/
3eccc968-ab17-11ed-bd9e-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

a bypass to flood admin with FAQ proposals

stored XSS in questions

stored HTML injections

weak passwords


Discovery 2023-02-12
Entry 2023-02-12
phpmyfaq
< 3.1.11

https://huntr.dev/bounties/14fc4841-0f5d-4e12-bf9e-1b60d2ac6a6c/
https://huntr.dev/bounties/8c74ccab-0d1d-4c6b-a0fa-803aa65de04f/
https://huntr.dev/bounties/87397c71-7b84-4617-a66e-fa6c73be9024/
https://huntr.dev/bounties/808d5452-607c-4af1-812f-26c49faf3e61/
https://huntr.dev/bounties/d9375178-2f23-4f5d-88bd-bba3d6ba7cc5/
https://huntr.dev/bounties/06af150b-b481-4248-9a48-56ded2814156/
https://huntr.dev/bounties/7152b340-c6f3-4ac8-9f62-f764a267488d/
https://huntr.dev/bounties/9e21156b-ab1d-4c60-88ef-8c9f3e2feb7f/
https://huntr.dev/bounties/b3881a1f-2f1e-45cb-86f3-735f66e660e9/
https://huntr.dev/bounties/949975f1-271d-46aa-85e5-1a013cdb5efb/
005dfb48-990d-11ed-b9d3-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in "Add new question"

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in admin user page

phpMyFAQ does not implement sufficient checks to avoid a stored XSS in FAQ comments

phpMyFAQ does not implement sufficient checks to avoid a blind stored XSS in admin open question page

phpMyFAQ does not implement sufficient checks to avoid a reflected XSS in the admin backend login

phpMyFAQ does not implement sufficient checks to avoid stored XSS on user, category, FAQ, news and configuration admin backend

phpMyFAQ does not implement sufficient checks to avoid weak passwords


Discovery 2023-01-15
Entry 2023-01-20
phpmyfaq
< 3.1.10

https://huntr.dev/bounties/cbba22f0-89ed-4d01-81ea-744979c8cbde/
https://huntr.dev/bounties/fac01e9f-e3e5-4985-94ad-59a76485f215/
https://huntr.dev/bounties/83cfed62-af8b-4aaa-94f2-5a33dc0c2d69/
https://huntr.dev/bounties/051d5e20-7fab-4769-bd7d-d986b804bb5a/
https://huntr.dev/bounties/c03c5925-43ff-450d-9827-2b65a3307ed6/
https://huntr.dev/bounties/f50ec8d1-cd60-4c2d-9ab8-3711870d83b9/
https://huntr.dev/bounties/82b0b629-c56b-4651-af3f-17f749751857/
https://huntr.dev/bounties/eac0a9d7-9721-4191-bef3-d43b0df59c67/
https://huntr.dev/bounties/bc27e84b-1f91-4e1b-a78c-944edeba8256/
f5a48a7a-61d3-11ed-9094-589cfc0f81b0  phpmyfaq -- multiple vulnerabilities

phpmyfaq developers report:

a pre-auth SQL injection when saving user comments

a reflected cross-site scripting vulnerability in the search

a stored cross-site scripting vulnerability in the meta data administration

a weak password requirement


Discovery 2022-10-24
Entry 2022-11-11
phpmyfaq
< 3.1.8

https://huntr.dev/bounties/613143a1-8e51-449a-b214-12458308835d/
https://huntr.dev/bounties/d9666520-4ff5-43bb-aacf-50c8e5570983/
https://huntr.dev/bounties/f4711d7f-1368-48ab-9bef-45f32e356c47/
c253c4aa-5126-11ed-8a21-589cfc0f81b0  phpmyfaq -- CSRF vulnerability

phpmyfaq developers report:

phpMyFAQ does not implement sufficient checks to avoid CSRF when logging out a user.


Discovery 2022-10-02
Entry 2022-10-21
phpmyfaq
< 3.1.7

https://huntr.dev/bounties/76095ac1-da12-449b-9564-4a086be96592/