FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
c0869649-5a0c-11df-942d-0015587e2cc1piwik -- cross site scripting vulnerability

The Piwik security advisory reports:

A non-persistent, cross-site scripting vulnerability (XSS) was found in Piwik's Login form that reflected the form_url parameter without being properly escaped or filtered.


Discovery 2010-04-15
Entry 2010-05-07
piwik
le 0.5.5

CVE-2010-1453
http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/
11351c82-9909-11e5-a9c8-14dae9d5a9d2piwik -- multiple vulnerabilities

Piwik changelog reports:

This release is rated critical. We are grateful for Security researchers who disclosed security issues privately to the Piwik Security Response team: Elamaran Venkatraman, Egidio Romano and Dmitriy Shcherbatov. The following vulnerabilities were fixed: XSS, CSRF, possible file inclusion in older PHP versions (low impact), possible Object Injection Vulnerability (low impact).


Discovery 2015-11-17
Entry 2015-12-02
piwik
< 2.15.0

CVE-2015-7815
CVE-2015-7816
http://piwik.org/changelog/piwik-2-15-0/
fcbf56dd-e667-11de-920a-00248c9b4be7piwik -- php code execution

secunia reports:

Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the core/Cookie.php script using "unserialize()" with user controlled input. This can be exploited to e.g. execute arbitrary PHP code via the "__wakeup()" or "__destruct()" methods of a serialized object passed via an HTTP cookie.


Discovery 2009-12-10
Entry 2009-12-11
Modified 2010-05-02
piwik
< 0.5.1

CVE-2009-4137
http://secunia.com/advisories/37649/
http://www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html
http://piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/
da317bc9-59a6-11e1-bc16-0023ae8e59f0piwik -- xss and click-jacking issues

The Piwik Team reports:

We would like to thank the following security researchers for their responsible disclosure of XSS and click-jacking issues: Piotr Duszynski, Sergey Markov, Mauro Gentile.


Discovery 2012-02-16
Entry 2012-02-16
piwik
< 1.7

"http://piwik.org/blog/2012/02/7775/"
28bf62ef-5e2c-11e6-a15f-00248c0c745dpiwik -- XSS vulnerability

Piwik reports:

We have identified and fixed several XSS security issues in this release.


Discovery 2016-08-03
Entry 2016-08-09
piwik
< 2.16.2

We have identified and fixed several XSS security issues in this release.
22775cdd-395a-11e6-b3c8-14dae9d210b8piwik -- XSS vulnerability

Piwik reports:

The Piwik Security team is grateful for the responsible disclosures by our security researchers: Egidio Romano (granted a critical security bounty), James Kettle and Paweł Bartunek (XSS) and Emanuel Bronshtein (limited XSS).


Discovery 2016-04-11
Entry 2016-06-23
piwik
< 2.16.1

http://piwik.org/changelog/piwik-2-16-1/