FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a0d77bc8-c6a7-11e5-96d6-14dae9d210b8typo3 -- multiple vulnerabilities

TYPO3 Security Team reports:

It has been discovered that TYPO3 CMS is susceptible to Cross-Site Scripting and Cross-Site Flashing.


Discovery 2015-12-15
Entry 2016-01-29
typo3
< 7.6.1

typo3-lts
< 6.2.16

http://lists.typo3.org/pipermail/typo3-announce/2015/000351.html
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/
3caf4e6c-4cef-11e6-a15f-00248c0c745dtypo3 -- Missing access check in Extbase

TYPO3 reports:

Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.


Discovery 2016-05-24
Entry 2016-07-18
typo3
< 7.6.8

typo3-lts
< 6.2.24

CVE-2016-5091
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
https://wiki.typo3.org/TYPO3_CMS_7.6.8
https://wiki.typo3.org/TYPO3_CMS_6.2.24
3c957a3e-2978-11e1-89b4-001ec9578670typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
ge 4.6 lt 4.6.2

< 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/