FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
e79876e4-5061-11db-a5ae-00508d6a62df	punbb -- NULL byte injection vulnerability CVE Mitre reports: PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926. Discovery 2006-09-13 Entry 2006-09-30 punbb < 1.2.13 CVE-2006-4759 http://forums.punbb.org/viewtopic.php?id=13255

VuXML ID

Description

e79876e4-5061-11db-a5ae-00508d6a62df

punbb -- NULL byte injection vulnerability

CVE Mitre reports:

PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with an avatars_dir parameter ending in %00. NOTE: this issue was originally disputed by the vendor, but the dispute was withdrawn on 20060926.

Discovery 2006-09-13
Entry 2006-09-30
punbb

< 1.2.13

CVE-2006-4759
http://forums.punbb.org/viewtopic.php?id=13255