FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7d239578-7ff2-11dd-8de5-0030843d3802horde -- multiple vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in various Horde products, which can be exploited by malicious people to conduct script insertion attacks

Input via MIME attachment linking is not properly sanitised in the MIME library before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session if e.g. a malicious email is viewed.

Certain unspecified input in HTML messages is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script in a user's browser session if e.g. a malicious HTML email is viewed.


Discovery 2008-09-10
Entry 2008-09-11
Modified 2008-10-03
horde-base
< 3.2.2

CVE-2008-3823
CVE-2008-3824
http://lists.horde.org/archives/announce/2008/000429.html
http://secunia.com/advisories/31842/
8fc55043-cb1e-11df-9c1b-0011098ad87fhorde-base -- XSS and CSRF vulnerabilities

The Horde team reports:

Thanks to Naumann IT Security Consulting for reporting the XSS vulnerability.

Thanks to Secunia for releasing an advisory for the new CSRF protection in the preference interface

The major changes compared to Horde version 3.3.8 are:

* Fixed XSS vulnerability in util/icon_browser.php.

* Protected preference forms against CSRF attacks.


Discovery 2010-06-03
Entry 2010-09-28
horde-base
< 3.3.9

http://article.gmane.org/gmane.comp.horde.announce/515
http://cvs.horde.org/diff.php/horde/docs/CHANGES?rt=horde&r1=1.515.2.607&r2=1.515.2.620&ty=h
http://secunia.com/advisories/39860/
http://holisticinfosec.org/content/view/145/45/
a3314314-f731-11df-a757-0011098ad87fhorde-base -- XSS: VCARD attachments vulnerability

The Horde team reports:

The major changes compared to Horde version 3.3.10 are:

* Fixed XSS vulnerability when viewing details of a vCard.


Discovery 2010-11-02
Entry 2010-11-23
horde-base
< 3.3.11

http://article.gmane.org/gmane.comp.horde.announce/532
http://bugs.horde.org/ticket/9357
ee23aa09-a175-11de-96c0-0011098ad87fhorde-base -- multiple vulnerabilities

The Horde team reports:

An error within the form library when handling image form fields can be exploited to overwrite arbitrary local files.

An error exists within the MIME Viewer library when rendering unknown text parts. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.

The preferences system does not properly sanitise numeric preference types. This can be exploited to execute arbitrary HTML and script code in a user's browser session in contact of an affected site.


Discovery 2009-05-28
Entry 2009-09-14
Modified 2009-09-22
horde-base
< 3.3.5

http://bugs.horde.org/ticket/?id=8311
http://bugs.horde.org/ticket/?id=8399
http://secunia.com/advisories/36665/
http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.515.2.558&r2=1.515.2.559