FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
496160d3-d3be-11e6-ae1b-002590263bf5 | codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed a number of new vulnerabilities in Security Library method xss_clean().


Discovery 2016-10-28
Entry 2017-01-06
codeigniter < 3.1.2

https://www.codeigniter.com/user_guide/changelog.html
5e439ee7-d3bd-11e6-ae1b-002590263bf5 | codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an SQL injection in the ‘odbc’ database driver.

Updated set_realpath() Path Helper function to filter out php:// wrapper inputs.


Discovery 2016-07-26
Entry 2017-01-06
codeigniter < 3.1.0

https://www.codeigniter.com/user_guide/changelog.html
aaedf196-6436-11e7-8b49-002590263bf5 | codeigniter -- input validation bypass

The CodeIgniter changelog reports:

Form Validation Library rule valid_email could be bypassed if idn_to_ascii() is available.


Discovery 2017-06-19
Entry 2017-07-08
codeigniter < 3.1.5

https://www.codeigniter.com/user_guide/changelog.html
0502c1cb-8f81-11df-a0bb-0050568452ac | codeigniter -- file upload class vulnerability

Derek Jones reports:

A fix has been implemented for a security flaw in CodeIgniter 1.7.2. All applications using the File Upload class should install the patch to ensure that their application is not subject to a vulnerability.


Discovery 2010-07-12
Entry 2010-07-21
codeigniter < 1.7.2_1

http://codeigniter.com/news/codeigniter_1.7.2_security_patch/
http://www.phpframeworks.com/news/p/16365/codeigniter-1-7-2-security-patch
95602550-76cf-11e5-a2a1-002590263bf5 | codeigniter -- multiple XSS vulnerabilities

The CodeIgniter changelog reports:

Fixed a number of XSS attack vectors in Security Library method xss_clean (thanks to Frans Rosén from Detectify).


Discovery 2015-10-08
Entry 2015-10-20
codeigniter < 2.2.5

ports/203403
https://codeigniter.com/userguide2/changelog.html
5114cd11-6571-11e5-9909-002590263bf5 | codeigniter -- SQL injection vulnerability

The CodeIgniter changelog reports:

Security: Fixed an SQL injection vulnerability in Active Record method offset().


Discovery 2015-08-20
Entry 2015-09-28
codeigniter < 2.2.4

ports/203401
https://codeigniter.com/userguide2/changelog.html
71ebbc50-01c1-11e7-ae1b-002590263bf5 | codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an XSS vulnerability in Security Library method xss_clean().

Fixed a possible file inclusion vulnerability in Loader Library method vars().

Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane from NamePros).

Added protection against timing side-channel attacks in Security Library method csrf_verify().

Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().


Discovery 2017-01-09
Entry 2017-03-05
codeigniter < 3.1.3

https://www.codeigniter.com/user_guide/changelog.html
f838dcb4-656f-11e5-9909-002590263bf5 | codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Security: The xor_encode() method in the Encrypt Class has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.

Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum.


Discovery 2014-06-05
Entry 2015-09-28
codeigniter < 2.2.0

ports/203401
https://codeigniter.com/userguide2/changelog.html
b7d785ea-656d-11e5-9909-002590263bf5 | codeigniter -- SQL injection vulnerability

The CodeIgniter changelog reports:

An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection.

An incompatibility in PHP versions < 5.2.3 and MySQL > 5.0.7 with mysql_set_charset() creates a situation where using multi-byte character sets on these environments may potentially expose a SQL injection attack vector. Latin-1, UTF-8, and other "low ASCII" character sets are unaffected on all environments.

If you are running or considering running a multi-byte character set for your database connection, please pay close attention to the server environment you are deploying on to ensure you are not vulnerable.


Discovery 2011-08-20
Entry 2015-09-28
codeigniter < 2.0.3

ports/156486
https://codeigniter.com/userguide2/changelog.html
ef3423e4-d056-11e7-a52c-002590263bf5 | codeigniter -- input validation bypass

The CodeIgniter changelog reports:

Security: Fixed a potential object injection in Cache Library 'apc' driver when save() is used with $raw = TRUE.


Discovery 2017-09-25
Entry 2017-11-23
codeigniter < 3.1.6

https://www.codeigniter.com/user_guide/changelog.html
698403a7-803d-11e5-ab94-002590263bf5 | codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an XSS attack vector in Security Library method xss_clean().

Changed Config Library method base_url() to fall back to $_SERVER['SERVER_ADDR'] in order to avoid Host header injections.

Changed CAPTCHA Helper to try to use the operating system's PRNG first.


Discovery 2015-10-31
Entry 2015-11-01
codeigniter < 2.2.6

ports/203403
https://codeigniter.com/userguide2/changelog.html
c21f4e61-6570-11e5-9909-002590263bf5 | codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Security: Added HTTP "Host" header character validation to prevent cache poisoning attacks when base_url auto-detection is used.

Security: Added FSCommand and seekSegmentTime to the "evil attributes" list in CI_Security::xss_clean().


Discovery 2015-04-15
Entry 2015-09-28
codeigniter < 2.2.2

ports/203401
https://codeigniter.com/userguide2/changelog.html
df0144fb-295e-11e7-970f-002590263bf5 | codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate).

Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled.

Fixed byte-safety issues in Encryption Library when mbstring.func_overload is enabled.

Fixed byte-safety issues in compatibility functions password_hash(), hash_pbkdf2() when mbstring.func_overload is enabled.

Updated Encrypt Library (DEPRECATED) to call mcrypt_create_iv() with MCRYPT_DEV_URANDOM.


Discovery 2017-03-23
Entry 2017-04-25
codeigniter < 3.1.4

https://www.codeigniter.com/user_guide/changelog.html
01bce4c6-6571-11e5-9909-002590263bf5 | codeigniter -- mysql database driver vulnerability

The CodeIgniter changelog reports:

Security: Removed a fallback to mysql_escape_string() in the mysql database driver (escape_str() method) when there's no active database connection.


Discovery 2015-07-15
Entry 2015-09-28
codeigniter < 2.2.3

ports/203401
https://codeigniter.com/userguide2/changelog.html