FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371418
Date:      2014-10-24
Time:      01:58:13Z
Committer: zi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3a7c5fc4-b50c-11df-977b-ecc31dd8ad06p5-libwww -- possibility to remote servers to create file with a .(dot) character

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a `.' (dot) character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.


Discovery 2010-06-09
Entry 2010-08-31
p5-libwww
lt 5.835

CVE-2010-2253
http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes
3a7c5fc4-b50c-11df-977b-ecc31dd8ad06p5-libwww -- possibility to remote servers to create file with a .(dot) character

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a `.' (dot) character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.


Discovery 2010-06-09
Entry 2010-08-31
p5-libwww
lt 5.835

CVE-2010-2253
http://cpansearch.perl.org/src/GAAS/libwww-perl-5.836/Changes