FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374986
Date:      2014-12-20
Time:      00:21:30Z
Committer: delphij

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                                Description
043d3a78-f245-4938-9bc7-3d0d35dd94bf    wordpress -- multiple vulnerabilities

The WordPress development team reports:

  • Block unsafe PHP unserialization that could occur in limited situations and setups, which can lead to remote code execution.
  • Prevent a user with an Author role, using a specially crafted request, from being able to create a post "written by" another user.
  • Fix insufficient input validation that could result in redirecting or leading a user to another website.

Additionally, we've adjusted security restrictions around file uploads to mitigate the potential for cross-site scripting.


Discovery 2013-09-11
Entry 2013-10-19
Modified 2014-04-30
zh-wordpress-zh_CN
lt 3.6.1

zh-wordpress-zh_TW
lt 3.6.1

de-wordpress
lt 3.6.1

ja-wordpress
lt 3.6.1

ru-wordpress
lt 3.6.1

wordpress
lt 3.6.1

CVE-2013-4338
CVE-2013-4339
CVE-2013-4340
CVE-2013-5738
CVE-2013-5739
http://wordpress.org/news/2013/09/wordpress-3-6-1/
559e00b7-6a4d-11e2-b6b0-10bf48230856    wordpress -- multiple vulnerabilities

WordPress reports:

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We'd like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Discovery 2013-01-24
Entry 2013-01-29
Modified 2014-04-30
wordpress
lt 3.5.1,1

zh-wordpress-zh_CN
lt 3.5.1

zh-wordpress-zh_TW
lt 3.5.1

de-wordpress
lt 3.5.1

ja-wordpress
lt 3.5.1

ru-wordpress
lt 3.5.1

CVE-2013-0235
CVE-2013-0236
CVE-2013-0237
049332d2-f6e1-11e2-82f3-000c29ee3065    wordpress -- multiple vulnerabilities

The WordPress development team reports:

  • Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site
  • Disallow contributors from improperly publishing posts
  • An update to the SWFUpload external library to fix cross-site scripting vulnerabilities
  • Prevention of a denial of service attack, affecting sites using password-protected posts
  • An update to an external TinyMCE library to fix a cross-site scripting vulnerability
  • Multiple fixes for cross-site scripting
  • Avoid disclosing a full file path when an upload fails

Discovery 2013-06-21
Entry 2013-07-27
Modified 2014-04-30
wordpress
lt 3.5.2,1

zh-wordpress-zh_CN
lt 3.5.2

zh-wordpress-zh_TW
lt 3.5.2

de-wordpress
lt 3.5.2

ja-wordpress
lt 3.5.2

ru-wordpress
lt 3.5.2

CVE-2013-2199
CVE-2013-2200
CVE-2013-2201
CVE-2013-2202
CVE-2013-2203
CVE-2013-2204
CVE-2013-2205
https://wordpress.org/news/2013/06/wordpress-3-5-2/
810df820-3664-11e1-8fe3-00215c6a37bb    WordPress -- cross site scripting vulnerability

WordPress development team reports:

WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team.


Discovery 2012-01-03
Entry 2012-01-03
wordpress
lt 3.3.1,1

de-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
lt 3.3.1

http://threatpost.com/en_us/blogs/xss-bug-found-wordpress-33-010312