FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318751
Date:      2013-05-22
Time:      09:14:17Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
27d78386-d35f-11dd-b800-001b77d09812awstats -- multiple XSS vulnerabilities

Secunia reports:

Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the application is running as a CGI script.


Discovery 2008-03-12
Entry 2009-01-04
awstats
lt 6.9,1

awstats-devel
gt 0

CVE-2008-3714
CVE-2008-5080
http://secunia.com/advisories/31519
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
ce6ce2f8-34ac-11e0-8103-00215c6a37bbawstats -- arbitrary commands execution vulnerability

Awstats change log reports:

  • Security fix (Traverse directory of LoadPlugin)
  • Security fix (Limit config to defined directory to avoid access to external config file via a nfs or webdav link).

Discovery 2010-05-01
Entry 2011-02-10
awstats
lt 7.0,1

awstats-devel
gt 0

CVE-2010-4367
http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
http://awstats.sourceforge.net/docs/awstats_changelog.txt
27d78386-d35f-11dd-b800-001b77d09812awstats -- multiple XSS vulnerabilities

Secunia reports:

Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the application is running as a CGI script.


Discovery 2008-03-12
Entry 2009-01-04
awstats
lt 6.9,1

awstats-devel
gt 0

CVE-2008-3714
CVE-2008-5080
http://secunia.com/advisories/31519
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432
ce6ce2f8-34ac-11e0-8103-00215c6a37bbawstats -- arbitrary commands execution vulnerability

Awstats change log reports:

  • Security fix (Traverse directory of LoadPlugin)
  • Security fix (Limit config to defined directory to avoid access to external config file via a nfs or webdav link).

Discovery 2010-05-01
Entry 2011-02-10
awstats
lt 7.0,1

awstats-devel
gt 0

CVE-2010-4367
http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
http://awstats.sourceforge.net/docs/awstats_changelog.txt