FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
739b94a4-838b-11de-938e-003048590f9ejoomla15 -- com_mailto Timeout Issue

Joomla! Security Center reports:

In com_mailto, it was possible to bypass timeout protection against sending automated emails.


Discovery 2009-07-22
Entry 2009-08-07
Modified 2009-08-11
joomla15
< 1.5.14

http://developer.joomla.org/security.html
http://secunia.com/advisories/36097/
8d10038e-515c-11df-83fb-0015587e2cc1joomla -- multiple vulnerabilities

Joomla! reported the following vulnerabilities:

If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system..

The migration script in the Joomla! installer does not check the file type being uploaded. If the installation application is present, an attacker could use it to upload malicious files to a server.

Session id doesn't get modified when user logs in. A remote site may be able to forward a visitor to the Joomla! site and set a specific cookie. If the user then logs in, the remote site can use that cookie to authenticate as that user.

When a user requests a password reset, the reset tokens were stored in plain text in the database. While this is not a vulnerability in itself, it allows user accounts to be compromised if there is an extension on the site with an SQL injection vulnerability.


Discovery 2010-04-23
Entry 2010-04-26
joomla15
ge 1.5.1 le 1.5.15

http://developer.joomla.org/security/news/308-20100423-core-password-reset-tokens.html
http://developer.joomla.org/security/news/309-20100423-core-sessation-fixation.html
http://developer.joomla.org/security/news/310-20100423-core-installer-migration-script.html
http://developer.joomla.org/security/news/311-20100423-core-negative-values-for-limit-and-offset.html
bdccd14b-5aac-11de-a438-003048590f9ejoomla -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is displayed.

Certain unspecified input passed to the user view of the com_users core component is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Input passed via certain parameters to the "JA_Purity" template is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2009-06-03
Entry 2009-06-16
Modified 2010-05-02
joomla15
< 1.5.11

CVE-2009-1938
CVE-2009-1939
CVE-2009-1940
http://secunia.com/advisories/35278/
http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html