FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
ff98087f-0a8f-11e4-b00b-5453ed2e2b49 | postfixadmin -- SQL injection vulnerability

Thijs Kinkhorst reports:

Postfixadmin has an SQL injection vulnerability. This vulnerability is only exploitable by authenticated users able to create new aliases.


Discovery 2014-03-28
Entry 2014-07-13
Modified 2015-09-28
postfixadmin < 2.3.7

CVE-2014-2655
66455
ports/189248
http://www.openwall.com/lists/oss-security/2014/03/26/6
https://www.debian.org/security/2014/dsa-2889
93688f8f-4935-11e1-89b4-001ec9578670 | postfixadmin -- Multiple Vulnerabilities

The Postfix Admin Team reports:

Multiple XSS vulnerabilities exist:

- XSS with $_GET[domain] in templates/menu.php and edit-vacation

- XSS in some create-domain input fields

- XSS in create-alias and edit-alias error message

- XSS (by values stored in the database) in fetchmail list view, list-domain and list-virtual

Multiple SQL injection issues exist:

- SQL injection in pacrypt() (if $CONF[encrypt] == 'mysql_encrypt')

- SQL injection in backup.php - the dump was not mysql_escape()d, therefore users could inject SQL (for example in the vacation message) which will be executed when restoring the database dump. WARNING: database dumps created with backup.php from 2.3.4 or older might contain malicious SQL. Double-check before using them!


Discovery 2012-01-27
Entry 2012-01-27
postfixadmin < 2.3.5

CVE-2012-0811
CVE-2012-0812
http://sourceforge.net/projects/postfixadmin/forums/forum/676076/topic/4977778