FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321338
Date:      2013-06-19
Time:      21:56:56Z
Committer: jgh

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5	drupal7 -- multiple vulnerabilities Drupal Security Team reports: Arbitrary PHP code execution A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original server. Information disclosure - OpenID module For sites using the core OpenID module, an information disclosure vulnerability was identified that allows an attacker to read files on the local filesystem by attempting to log in to the site using a malicious OpenID server. Discovery 2012-10-17 Entry 2012-10-31 drupal7 lt 7.16 http://drupal.org/node/1815912
a4d71e4c-7bf4-11e2-84cd-d43d7e0c7c02	drupal7 -- Denial of service Drupal Security Team reports: Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive. Discovery 2013-02-20 Entry 2013-02-21 drupal7 lt 7.19 CVE-2013-0316 https://drupal.org/SA-CORE-2013-002
1827f213-633e-11e2-8d93-c8600054b392	drupal -- multiple vulnerabilities Drupal Security Team reports: Cross-site scripting (Various core and contributed modules) Access bypass (Book module printer friendly version) Access bypass (Image module) Discovery 2013-01-16 Entry 2013-01-20 drupal6 lt 6.28 drupal7 lt 7.19 https://drupal.org/SA-CORE-2013-001

VuXML ID

Description

2adc3e78-22d1-11e2-b9f0-d0df9acfd7e5

drupal7 -- multiple vulnerabilities

Drupal Security Team reports:

Arbitrary PHP code execution

A bug in the installer code was identified that allows an attacker to re-install Drupal using an external database server under certain transient conditions. This could allow the attacker to execute arbitrary PHP code on the original server.

Information disclosure - OpenID module

For sites using the core OpenID module, an information disclosure vulnerability was identified that allows an attacker to read files on the local filesystem by attempting to log in to the site using a malicious OpenID server.

Discovery 2012-10-17
Entry 2012-10-31
drupal7

lt 7.16

http://drupal.org/node/1815912

a4d71e4c-7bf4-11e2-84cd-d43d7e0c7c02

drupal7 -- Denial of service

Drupal Security Team reports:

Drupal core's Image module allows for the on-demand generation of image derivatives. This capability can be abused by requesting a large number of new derivatives which can fill up the server disk space, and which can cause a very high CPU load. Either of these effects may lead to the site becoming unavailable or unresponsive.

Discovery 2013-02-20
Entry 2013-02-21
drupal7

lt 7.19

CVE-2013-0316
https://drupal.org/SA-CORE-2013-002

1827f213-633e-11e2-8d93-c8600054b392

drupal -- multiple vulnerabilities

Drupal Security Team reports:

Cross-site scripting (Various core and contributed modules)

Access bypass (Book module printer friendly version)

Access bypass (Image module)

Discovery 2013-01-16
Entry 2013-01-20
drupal6

lt 6.28

drupal7

lt 7.19

https://drupal.org/SA-CORE-2013-001