FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371418
Date:      2014-10-24
Time:      01:58:13Z
Committer: zi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2ffb1b0d-ecf5-11dd-abae-00219b0fc4d8glpi -- SQL Injection

The GLPI project reports:

Input passed via unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulateSQL queries by injecting arbitrary SQL code.


Discovery 2009-01-25
Entry 2009-01-28
glpi
lt 0.71.4

http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en
https://mail.gna.org/public/glpi-news/2009-01/msg00002.html
https://dev.indepnet.net/glpi/ticket/1224
http://secunia.com/advisories/33680/
2ffb1b0d-ecf5-11dd-abae-00219b0fc4d8glpi -- SQL Injection

The GLPI project reports:

Input passed via unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulateSQL queries by injecting arbitrary SQL code.


Discovery 2009-01-25
Entry 2009-01-28
glpi
lt 0.71.4

http://www.glpi-project.org/spip.php?page=annonce&id_breve=161&lang=en
https://mail.gna.org/public/glpi-news/2009-01/msg00002.html
https://dev.indepnet.net/glpi/ticket/1224
http://secunia.com/advisories/33680/
7c769c89-53c2-11e1-8e52-00163e22ef61glpi -- remote attack via crafted POST request

The GLPI project reports:

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.


Discovery 2011-07-20
Entry 2012-02-10
Modified 2013-06-19
glpi
lt 0.80.2

http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
https://forge.indepnet.net/issues/3017
CVE-2011-2720
7c769c89-53c2-11e1-8e52-00163e22ef61glpi -- remote attack via crafted POST request

The GLPI project reports:

The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request.


Discovery 2011-07-20
Entry 2012-02-10
Modified 2013-06-19
glpi
lt 0.80.2

http://www.glpi-project.org/spip.php?page=annonce&id_breve=237&lang=en
https://forge.indepnet.net/issues/3017
CVE-2011-2720