FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
f0806cad-c7f1-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20160801] - Core - ACL Violation

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.

[20160802] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in mail component.

[20160803] - Core - CSRF

Add additional CSRF hardening in com_joomlaupdate.


Discovery 2016-08-03
Entry 2016-12-22
joomla3
ge 1.6.0 lt 3.6.1

https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html
https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html
https://developer.joomla.org/security-centre/654-20160803-core-csrf.html
https://www.joomla.org/announcements/release-news/5665-joomla-3-6-1-released.html
deaba148-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - Open Redirect vulnerability

The JSST and the Joomla! Security Center report:

[20150601] - Core - Open Redirect

Inadequate checking of the return value allowed to redirect to an external page.


Discovery 2015-06-30
Entry 2015-10-25
joomla3
ge 3.0.0 lt 3.4.2

CVE-2015-5608
http://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html
https://www.joomla.org/announcements/release-news/5589-joomla-3-4-2-released.html
c0ef061a-c7f0-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20151206] - Core - Session Hardening

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.

[20151207] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability.


Discovery 2015-12-21
Entry 2016-12-22
joomla3
ge 1.5.0 lt 3.4.7

https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html
https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html
https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html
0ebc6e78-7ac6-11e5-b35a-002590263bf5  Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities

The JSST and the Joomla! Security Center report:

[20151001] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability.

[20151002] - Core - ACL Violations

Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted.


Discovery 2015-10-22
Entry 2015-10-25
joomla3
ge 3.2.0 lt 3.4.5

CVE-2015-7297
CVE-2015-7857
CVE-2015-7858
CVE-2015-7859
http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html
https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html
cec4d01a-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities

The JSST and the Joomla! Security Center report:

[20140903] - Core - Remote File Inclusion

Inadequate checking allowed the potential for remote files to be executed.

[20140904] - Core - Denial of Service

Inadequate checking allowed the potential for a denial of service attack.


Discovery 2014-09-30
Entry 2015-10-25
joomla3
< 3.2.6
ge 3.3.0 lt 3.3.5

joomla2
ge 2.5.4 lt 2.5.26

CVE-2014-7228
CVE-2014-7229
http://developer.joomla.org/security-centre/595-20140903-core-remote-file-inclusion.html
http://developer.joomla.org/security-centre/596-20140904-core-denial-of-service.html
https://www.joomla.org/announcements/release-news/5567-joomla-3-3-5-released.html
https://www.joomla.org/announcements/release-news/5566-joomla-2-5-26-released.html
bf2b9c56-b93e-11e8-b2a8-a4badb296695  joomla3 -- vulnerabilities

JSST reports: Multiple low-priority Vulnerabilities

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Inadequate checks regarding disabled fields can lead to an ACL violation.


Discovery 2018-08-23
Entry 2018-09-15
joomla3
< 3.8.12

CVE-2018-15860
CVE-2018-15881
CVE-2018-15882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15882
https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html
https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html
https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html
6aa398d0-1c4d-11e9-96dd-a4badb296695  joomla3 -- vulnerabilities

JSST reports:

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Inadequate escaping in com_contact leads to a stored XSS vulnerability.

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.


Discovery 2018-12-01
Entry 2019-01-20
joomla3
< 3.9.2

https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html
CVE-2019-6264
https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html
CVE-2019-6261
https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html
CVE-2019-6263
https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html
CVE-2019-6262
adbb32d9-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - XSS Vulnerability

The JSST and the Joomla! Security Center report:

[20140901] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in com_media.


Discovery 2014-09-23
Entry 2015-10-25
joomla3
ge 3.2.0 lt 3.2.5
ge 3.3.0 lt 3.3.4

CVE-2014-6631
http://developer.joomla.org/security-centre/593-20140901-core-xss-vulnerability.html
https://www.joomla.org/announcements/release-news/5564-joomla-3-3-4-released.html
beb3d5fc-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - Unauthorized Login vulnerability

The JSST and the Joomla! Security Center report:

[20140902] - Core - Unauthorized Logins

Inadequate checking allowed unauthorized logins via LDAP authentication.


Discovery 2014-09-23
Entry 2015-10-25
joomla3
< 3.2.5
ge 3.3.0 lt 3.3.4

joomla2
< 2.5.25

CVE-2014-6632
http://developer.joomla.org/security-centre/594-20140902-core-unauthorised-logins.html
https://www.joomla.org/announcements/release-news/5564-joomla-3-3-4-released.html
https://www.joomla.org/announcements/release-news/5563-joomla-2-5-25-released.html
a9f60ce8-a4e0-11e5-b864-14dae9d210b8  joomla -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20151201] - Core - Remote Code Execution Vulnerability

Browser information is not filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability.

[20151202] - Core - CSRF Hardening

Add additional CSRF hardening in com_templates.

[20151203] - Core - Directory Traversal

Failure to properly sanitize input data from the XML install file located within an extension's package archive allows for directory traversal.

[20151204] - Core - Directory Traversal

Inadequate filtering of request data leads to a Directory Traversal vulnerability.


Discovery 2015-12-14
Entry 2015-12-17
Modified 2016-12-22
joomla3
< 3.4.6

https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html
CVE-2015-8562
CVE-2015-8563
CVE-2015-8564
CVE-2015-8565
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html
https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html
https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html
ec2d1cfd-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - CSRF Protection vulnerabilities

The JSST and the Joomla! Security Center report:

[20150602] - Core - CSRF Protection

Lack of CSRF checks potentially enabled uploading malicious code.


Discovery 2015-06-30
Entry 2015-10-25
joomla3
ge 3.2.0 lt 3.4.2

CVE-2015-5397
http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html
https://www.joomla.org/announcements/release-news/5589-joomla-3-4-2-released.html
624b45c0-c7f3-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20161201] - Core - Elevated Privileges

Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

[20161202] - Core - Shell Upload

Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.

[20161203] - Core - Information Disclosure

Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.


Discovery 2016-12-06
Entry 2016-12-22
joomla3
ge 1.6.0 lt 3.6.5

CVE-2016-9836
CVE-2016-9837
CVE-2016-9838
https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html
https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html
https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html
https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
03e54e42-7ac6-11e5-b35a-002590263bf5  Joomla! -- Core - ACL Violation vulnerabilities

The JSST and the Joomla! Security Center report:

[20151003] - Core - ACL Violations

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted.


Discovery 2015-10-22
Entry 2015-10-25
joomla3
ge 3.0.0 lt 3.4.5

CVE-2015-7899
http://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html
https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html