FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
2430e9c3-8741-11de-938e-003048590f9e  wordpress -- remote admin password reset vulnerability

WordPress reports:

A specially crafted URL could be requested that would allow an attacker to bypass a security check to verify a user requested a password reset. As a result, the first account without a key in the database (usually the admin account) would have its password reset and a new password would be emailed to the account owner.


Discovery 2009-08-10
Entry 2009-08-12
Modified 2010-05-02
wordpress
< 2.8.4,1

de-wordpress
< 2.8.4

wordpress-mu
< 2.8.4a

CVE-2009-2762
http://wordpress.org/development/2009/08/2-8-4-security-release/
http://www.milw0rm.com/exploits/9410
3a4a3e9c-a1fe-11dd-81be-001c2514716c  wordpress -- snoopy "_httpsrequest()" shell command execution vulnerability

The WordPress development team reports:

A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.


Discovery 2008-10-23
Entry 2008-10-24
wordpress
de-wordpress
wordpress-mu
< 2.6.3

31887
http://secunia.com/Advisories/32361/
http://wordpress.org/development/2008/10/wordpress-263/
622bc638-be27-11dd-a578-0030843d3802  wordpress -- header rss feed script insertion vulnerability

Secunia reports:

Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.


Discovery 2008-11-26
Entry 2008-11-29
Modified 2010-05-02
wordpress
de-wordpress
wordpress-mu
< 2.6.5

zh-wordpress
gt 0

CVE-2008-5278
http://secunia.com/advisories/32882/
http://wordpress.org/development/2008/11/wordpress-265/
63347ee7-6841-11dc-82b6-02e0185f8d72  wordpress -- remote sql injection vulnerability

Alexander Concha reports:

While testing WordPress, a SQL injection vulnerability was discovered that allows an attacker to remotely retrieve any user credentials from a vulnerable site. This bug is caused by early database escaping and the lack of validation in query-string-like parameters.


Discovery 2007-09-10
Entry 2007-09-21
wordpress
< 2.2.3,1

de-wordpress
zh-wordpress
< 2.2.3

wordpress-mu
< 1.2.4,2

CVE-2007-4894
http://www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.html
884fced7-7f1c-11dd-a66a-0019666436c2  wordpress -- remote privilege escalation

The WordPress development team reports:

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user's password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.


Discovery 2008-09-08
Entry 2008-10-22
Modified 2010-05-12
wordpress
de-wordpress
wordpress-mu
< 2.6.2

zh-wordpress
gt 0

31068
CVE-2008-4107
http://wordpress.org/development/2008/09/wordpress-262/