FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  375358
Date:      2014-12-23
Time:      21:24:55Z
Committer: rea

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
3fadb7c6-7b0a-11e0-89b4-001ec9578670  mediawiki -- multiple vulnerabilities

Mediawiki reports:

(Bug 28534) XSS vulnerability for IE 6 clients. This is the third attempt at fixing bug 28235.

(Bug 28639) Potential privilege escalation when $wgBlockDisablesLogin is enabled.


Discovery 2011-04-14
Entry 2011-05-12
mediawiki
lt 1.16.5

https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES
e177c410-1943-11e0-9d1c-000c29ba66d2  mediawiki -- Clickjacking vulnerabilities

Clickjacking vulnerabilities:

Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in an iframe embedded in a malicious website. Using CSS, the submit button of the form on the target webpage is made invisible, and then overlaid with some button or link on the malicious website that encourages the user to click on it.


Discovery 2011-01-04
Entry 2011-01-06
mediawiki
gt 1.16 lt 1.16.1

gt 1.15 lt 1.15.5_1

https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
8d04cfbd-344d-11e0-8669-0025222482c5  mediawiki -- multiple vulnerabilities

Mediawiki reports:

An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite these mitigating factors, all users are advised to upgrade, since there is a risk of complete server compromise. MediaWiki 1.8.0 and later is affected.

Security researcher mghack discovered a CSS injection vulnerability. For Internet Explorer and similar browsers, this is equivalent to an XSS vulnerability, that is to say, it allows the compromise of wiki user accounts. For other browsers, it allows private data such as IP addresses and browsing patterns to be sent to a malicious external web server. It affects all versions of MediaWiki. All users are advised to upgrade.


Discovery 2011-02-01
Entry 2011-02-09
mediawiki
lt 1.16.2

CVE-2011-0047
https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html