FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318524
Date:      2013-05-19
Time:      14:06:36Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3c957a3e-2978-11e1-89b4-001ec9578670typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
ge 4.6 lt 4.6.2

lt 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
6693bad2-ca50-11de-8ee8-00215c6a37bbtypo3 -- multiple vulnerabilities in TYPO3 Core

TYPO3 develop team reports:

Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below.

SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/session handling.


Discovery 2009-10-22
Entry 2009-11-05
typo3
lt 4.2.10

36801
CVE-2009-3628
CVE-2009-3629
CVE-2009-3630
CVE-2009-3631
CVE-2009-3632
CVE-2009-3633
CVE-2009-3634
CVE-2009-3635
CVE-2009-3636
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
http://secunia.com/advisories/37122/
6693bad2-ca50-11de-8ee8-00215c6a37bbtypo3 -- multiple vulnerabilities in TYPO3 Core

TYPO3 develop team reports:

Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below.

SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/session handling.


Discovery 2009-10-22
Entry 2009-11-05
typo3
lt 4.2.10

36801
CVE-2009-3628
CVE-2009-3629
CVE-2009-3630
CVE-2009-3631
CVE-2009-3632
CVE-2009-3633
CVE-2009-3634
CVE-2009-3635
CVE-2009-3636
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
http://secunia.com/advisories/37122/
cc47fafe-f823-11dd-94d9-0030843d3802typo3 -- cross-site scripting and information disclosure

Secunia reports:

Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

Input passed via unspecified fields to the backend user interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

An error in the "jumpUrl" mechanism can be exploited to read arbitrary files from local resources by disclosing a hash secret used to restrict file access.


Discovery 2009-02-10
Entry 2009-02-11
Modified 2010-05-02
typo3
lt 4.2.6

CVE-2009-0815
CVE-2009-0816
http://secunia.com/advisories/33829/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/
3c957a3e-2978-11e1-89b4-001ec9578670typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
ge 4.6 lt 4.6.2

lt 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
cc47fafe-f823-11dd-94d9-0030843d3802typo3 -- cross-site scripting and information disclosure

Secunia reports:

Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

Input passed via unspecified fields to the backend user interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

An error in the "jumpUrl" mechanism can be exploited to read arbitrary files from local resources by disclosing a hash secret used to restrict file access.


Discovery 2009-02-10
Entry 2009-02-11
Modified 2010-05-02
typo3
lt 4.2.6

CVE-2009-0815
CVE-2009-0816
http://secunia.com/advisories/33829/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/