FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371119
Date:      2014-10-18
Time:      12:52:26Z
Committer: kwm

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
0502c1cb-8f81-11df-a0bb-0050568452ac  codeigniter -- file upload class vulnerability

Derek Jones reports:

A fix has been implemented for a security flaw in CodeIgniter 1.7.2. All applications using the File Upload class should install the patch to ensure that their application is not subject to a vulnerability.


Discovery 2010-07-12
Entry 2010-07-21
codeigniter lt 1.7.2_1

http://codeigniter.com/news/codeigniter_1.7.2_security_patch/
http://www.phpframeworks.com/news/p/16365/codeigniter-1-7-2-security-patch
83574d5a-f828-11dd-9fdf-0050568452ac  codeigniter -- arbitrary script execution in the new Form Validation class

znirkel reports:

The eval() function in _reset_post_array crashes when posting certain data. By passing in carefully-crafted input data, the eval() function could also execute malicious PHP code.

Note that CodeIgniter applications that either do not use the new Form Validation class or use the old Validation class are not affected by this vulnerability.


Discovery 2008-11-28
Entry 2009-02-11
codeigniter ge 1.7.0 lt 1.7.1

http://codeigniter.com/bug_tracker/bug/6068/