FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

a9f60ce8-a4e0-11e5-b864-14dae9d210b8  joomla -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20151201] - Core - Remote Code Execution Vulnerability

Browser information is not filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability.

[20151202] - Core - CSRF Hardening

Add additional CSRF hardening in com_templates.

[20151203] - Core - Directory Traversal

Failure to properly sanitize input data from the XML install file located within an extension's package archive allows for directory traversal.

[20151204] - Core - Directory Traversal

Inadequate filtering of request data leads to a Directory Traversal vulnerability.


Discovery 2015-12-14
Entry 2015-12-17
Modified 2016-12-22
joomla3
< 3.4.6

https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html
CVE-2015-8562
CVE-2015-8563
CVE-2015-8564
CVE-2015-8565
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html
https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html
https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html

6aa398d0-1c4d-11e9-96dd-a4badb296695  joomla3 -- vulnerabilities

JSST reports:

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Inadequate escaping in com_contact leads to a stored XSS vulnerability.

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.


Discovery 2018-12-01
Entry 2019-01-20
joomla3
< 3.9.2

https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html
CVE-2019-6264
https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html
CVE-2019-6261
https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html
CVE-2019-6263
https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html
CVE-2019-6262

624b45c0-c7f3-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20161201] - Core - Elevated Privileges

Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

[20161202] - Core - Shell Upload

Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.

[20161203] - Core - Information Disclosure

Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.


Discovery 2016-12-06
Entry 2016-12-22
joomla3
>= 1.6.0, < 3.6.5

CVE-2016-9836
CVE-2016-9837
CVE-2016-9838
https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html
https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html
https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html
https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html

f0806cad-c7f1-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20160801] - Core - ACL Violation

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.

[20160802] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in mail component.

[20160803] - Core - CSRF

Add additional CSRF hardening in com_joomlaupdate.


Discovery 2016-08-03
Entry 2016-12-22
joomla3
>= 1.6.0, < 3.6.1

https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html
https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html
https://developer.joomla.org/security-centre/654-20160803-core-csrf.html
https://www.joomla.org/announcements/release-news/5665-joomla-3-6-1-released.html

c0ef061a-c7f0-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20151206] - Core - Session Hardening

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.

[20151207] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability.


Discovery 2015-12-21
Entry 2016-12-22
joomla3
>= 1.5.0, < 3.4.7

https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html
https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html
https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html

bf2b9c56-b93e-11e8-b2a8-a4badb296695  joomla3 -- vulnerabilities

JSST reports: Multiple low-priority Vulnerabilities

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Inadequate checks regarding disabled fields can lead to an ACL violation.


Discovery 2018-08-23
Entry 2018-09-15
joomla3
< 3.8.12

CVE-2018-15860
CVE-2018-15881
CVE-2018-15882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15882
https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html
https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html
https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html

a27d234a-c7f2-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20161001] - Core - Account Creation

Inadequate checks allow for users to register on a site when registration has been disabled.

[20161002] - Core - Elevated Privilege

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

[20161003] - Core - Account Modifications

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.


Discovery 2016-10-25
Entry 2016-12-22
joomla3
>= 3.4.4, < 3.6.4

CVE-2016-8869
CVE-2016-8870
CVE-2016-9081
https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html
https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html