FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-25 07:15:41 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
06f9174f-190f-11de-b2f0-001c2514716c  phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin reports:

Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.


Discovery 2009-03-24
Entry 2009-03-25
Modified 2010-05-02
phpMyAdmin211 < 2.11.9.5
phpMyAdmin < 3.1.3.1

CVE-2009-1151
http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
274922b8-ad20-11df-af1f-00e0814cab4e  phpmyadmin -- Several XSS vulnerabilities

phpMyAdmin Team reports:

It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages.


Discovery 2010-08-09
Entry 2010-08-21
phpMyAdmin < 3.3.5.1
phpMyAdmin211 < 2.11.10.1

CVE-2010-3056
http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
4769914e-b844-11de-b159-0030843d3802  phpmyadmin -- XSS and SQL injection vulnerabilities

phpMyAdmin Team reports:

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted MySQL table name.

SQL injection vulnerability allows remote attackers to inject SQL via various interface parameters of the PDF schema generator feature.


Discovery 2009-10-13
Entry 2009-10-13
phpMyAdmin < 3.2.2.1
phpMyAdmin211 < 2.11.9.6

CVE-2009-3696
CVE-2009-3697
http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php
54f72962-c7ba-11dd-a721-0030843d3802  phpmyadmin -- cross-site request forgery vulnerability

The phpMyAdmin Team reports:

A logged-in user can be subject of SQL injection through cross site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through table parameter.


Discovery 2008-12-09
Entry 2008-12-11
Modified 2010-05-02
phpMyAdmin211 < 2.11.9.4
phpMyAdmin < 3.1.1

CVE-2008-5621
http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
http://www.milw0rm.com/exploits/7382
http://secunia.com/advisories/33076/
753f8185-5ba9-42a4-be02-3f55ee580093  phpMyAdmin -- XSS attack in database search

phpMyAdmin team reports:

It was possible to conduct a XSS attack using spoofed request on the db search script.


Discovery 2010-11-29
Entry 2010-11-30
phpMyAdmin < 3.3.8.1
phpMyAdmin211 < 2.11.11.1

ports/152685
ports/152686
CVE-2010-4329
http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php
85b0bbc8-a7a5-11dd-8283-001c2514716c  phpmyadmin -- Cross-Site Scripting Vulnerability

SecurityFocus reports:

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.


Discovery 2008-10-30
Entry 2008-10-31
Modified 2008-10-31
phpMyAdmin > 3.0 < 3.0.1.1
phpMyAdmin < 2.11.9.3
phpMyAdmin211 < 2.11.9.3

31928
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-9
cd68ff50-362b-11e0-ad36-00215c6a37bb  phpMyAdmin -- multiple vulnerabilities

phpMyAdmin team reports:

It was possible to create a bookmark which would be executed unintentionally by other users.

When the files README, ChangeLog or LICENSE have been removed from their original place (possibly by the distributor), the scripts used to display these files can show their full path, leading to possible further attacks.


Discovery 2011-02-08
Entry 2011-02-11
phpMyAdmin < 3.3.9.2
phpMyAdmin211 < 2.11.11.3

http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php