FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID / Description

VuXML ID: b7d785ea-656d-11e5-9909-002590263bf5
Description: codeigniter -- SQL injection vulnerability

The CodeIgniter changelog reports:

An improvement was made to the MySQL and MySQLi drivers to prevent exposing a potential vector for SQL injection on sites using multi-byte character sets in the database client connection.

An incompatibility in PHP versions < 5.2.3 and MySQL > 5.0.7 with mysql_set_charset() creates a situation where using multi-byte character sets on these environments may potentially expose a SQL injection attack vector. Latin-1, UTF-8, and other "low ASCII" character sets are unaffected on all environments.

If you are running or considering running a multi-byte character set for your database connection, please pay close attention to the server environment you are deploying on to ensure you are not vulnerable.


Discovery 2011-08-20
Entry 2015-09-28
codeigniter
< 2.0.3

ports/156486
https://codeigniter.com/userguide2/changelog.html
VuXML ID: aaedf196-6436-11e7-8b49-002590263bf5
Description: codeigniter -- input validation bypass

The CodeIgniter changelog reports:

Form Validation Library rule valid_email could be bypassed if idn_to_ascii() is available.


Discovery 2017-06-19
Entry 2017-07-08
codeigniter
< 3.1.5

https://www.codeigniter.com/user_guide/changelog.html
VuXML ID: df0144fb-295e-11e7-970f-002590263bf5
Description: codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate).

Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled.

Fixed byte-safety issues in Encryption Library when mbstring.func_overload is enabled.

Fixed byte-safety issues in compatibility functions password_hash(), hash_pbkdf2() when mbstring.func_overload is enabled.

Updated Encrypt Library (DEPRECATED) to call mcrypt_create_iv() with MCRYPT_DEV_URANDOM.


Discovery 2017-03-23
Entry 2017-04-25
codeigniter
< 3.1.4

https://www.codeigniter.com/user_guide/changelog.html
VuXML ID: 5114cd11-6571-11e5-9909-002590263bf5
Description: codeigniter -- SQL injection vulnerability

The CodeIgniter changelog reports:

Security: Fixed an SQL injection vulnerability in Active Record method offset().


Discovery 2015-08-20
Entry 2015-09-28
codeigniter
< 2.2.4

ports/203401
https://codeigniter.com/userguide2/changelog.html
VuXML ID: 01bce4c6-6571-11e5-9909-002590263bf5
Description: codeigniter -- mysql database driver vulnerability

The CodeIgniter changelog reports:

Security: Removed a fallback to mysql_escape_string() in the mysql database driver (escape_str() method) when there's no active database connection.


Discovery 2015-07-15
Entry 2015-09-28
codeigniter
< 2.2.3

ports/203401
https://codeigniter.com/userguide2/changelog.html
VuXML ID: 95602550-76cf-11e5-a2a1-002590263bf5
Description: codeigniter -- multiple XSS vulnerabilities

The CodeIgniter changelog reports:

Fixed a number of XSS attack vectors in Security Library method xss_clean() (thanks to Frans Rosén from Detectify).


Discovery 2015-10-08
Entry 2015-10-20
codeigniter
< 2.2.5

ports/203403
https://codeigniter.com/userguide2/changelog.html
VuXML ID: 698403a7-803d-11e5-ab94-002590263bf5
Description: codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an XSS attack vector in Security Library method xss_clean().

Changed Config Library method base_url() to fall back to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.

Changed CAPTCHA Helper to try to use the operating system's PRNG first.


Discovery 2015-10-31
Entry 2015-11-01
codeigniter
< 2.2.6

ports/203403
https://codeigniter.com/userguide2/changelog.html
VuXML ID: f838dcb4-656f-11e5-9909-002590263bf5
Description: codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Security: The xor_encode() method in the Encrypt Class has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.

Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum.


Discovery 2014-06-05
Entry 2015-09-28
codeigniter
< 2.2.0

ports/203401
https://codeigniter.com/userguide2/changelog.html
VuXML ID: ef3423e4-d056-11e7-a52c-002590263bf5
Description: codeigniter -- input validation bypass

The CodeIgniter changelog reports:

Security: Fixed a potential object injection in Cache Library 'apc' driver when save() is used with $raw = TRUE.


Discovery 2017-09-25
Entry 2017-11-23
codeigniter
< 3.1.6

https://www.codeigniter.com/user_guide/changelog.html
VuXML ID: 5e439ee7-d3bd-11e6-ae1b-002590263bf5
Description: codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an SQL injection in the ‘odbc’ database driver.

Updated set_realpath() Path Helper function to filter out php:// wrapper inputs.


Discovery 2016-07-26
Entry 2017-01-06
codeigniter
< 3.1.0

https://www.codeigniter.com/user_guide/changelog.html
VuXML ID: 71ebbc50-01c1-11e7-ae1b-002590263bf5
Description: codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an XSS vulnerability in Security Library method xss_clean().

Fixed a possible file inclusion vulnerability in Loader Library method vars().

Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane from NamePros).

Added protection against timing side-channel attacks in Security Library method csrf_verify().

Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().


Discovery 2017-01-09
Entry 2017-03-05
codeigniter
< 3.1.3

https://www.codeigniter.com/user_guide/changelog.html
VuXML ID: 83574d5a-f828-11dd-9fdf-0050568452ac
Description: codeigniter -- arbitrary script execution in the new Form Validation class

znirkel reports:

The eval() function in _reset_post_array crashes when posting certain data. By passing in carefully-crafted input data, the eval() function could also execute malicious PHP code.

Note that CodeIgniter applications that either do not use the new Form Validation class or use the old Validation class are not affected by this vulnerability.


Discovery 2008-11-28
Entry 2009-02-11
codeigniter
>= 1.7.0, < 1.7.1

http://codeigniter.com/bug_tracker/bug/6068/
VuXML ID: 0502c1cb-8f81-11df-a0bb-0050568452ac
Description: codeigniter -- file upload class vulnerability

Derek Jones reports:

A fix has been implemented for a security flaw in CodeIgniter 1.7.2. All applications using the File Upload class should install the patch to ensure that their application is not subject to a vulnerability.


Discovery 2010-07-12
Entry 2010-07-21
codeigniter
< 1.7.2_1

http://codeigniter.com/news/codeigniter_1.7.2_security_patch/
http://www.phpframeworks.com/news/p/16365/codeigniter-1-7-2-security-patch
VuXML ID: c21f4e61-6570-11e5-9909-002590263bf5
Description: codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Security: Added HTTP "Host" header character validation to prevent cache poisoning attacks when base_url auto-detection is used.

Security: Added FSCommand and seekSegmentTime to the "evil attributes" list in CI_Security::xss_clean().


Discovery 2015-04-15
Entry 2015-09-28
codeigniter
< 2.2.2

ports/203401
https://codeigniter.com/userguide2/changelog.html
VuXML ID: 496160d3-d3be-11e6-ae1b-002590263bf5
Description: codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed a number of new vulnerabilities in Security Library method xss_clean().


Discovery 2016-10-28
Entry 2017-01-06
codeigniter
< 3.1.2

https://www.codeigniter.com/user_guide/changelog.html