FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368362
Date:      2014-09-17
Time:      11:04:33Z
Committer: kwm

These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
21b7c550-2a22-11db-a6e2-000e0c2e438a  squirrelmail -- random variable overwrite vulnerability

The SquirrelMail developers report:

A logged in user could overwrite random variables in compose.php, which might make it possible to read/write other users' preferences or attachments.


Discovery 2006-08-11
Entry 2006-08-12
ja-squirrelmail  ge 1.4.0 lt 1.4.8,2
squirrelmail     ge 1.4.0 lt 1.4.8

CVE-2006-4019
http://www.squirrelmail.org/security/issue/2006-08-11
7fbfe159-3438-11d9-a9e7-0001020eed82  squirrelmail -- cross site scripting vulnerability

A SquirrelMail Security Notice reports:

There is a cross site scripting issue in the decoding of encoded text in certain headers. SquirrelMail correctly decodes the specially crafted header, but doesn't sanitize the decoded strings.


Discovery 2004-11-03
Entry 2004-11-12
ja-squirrelmail  lt 1.4.3a_4,2
squirrelmail     lt 1.4.3a_3

http://marc.theaimsgroup.com/?l=bugtraq&m=110012133608004