FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  360546
Date:      2014-07-04
Time:      06:38:23Z
Committer: swills

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
46aeba13-64a1-11e1-bc16-0023ae8e59f0openx -- undisclosed security issue

OpenX does not provide information about vulnerabilities beyond their existence.


Discovery 2011-12-01
Entry 2012-03-02
Modified 2012-07-08
openx
lt 2.8.9

http://blog.openx.org/12/security-matters-3
46aeba13-64a1-11e1-bc16-0023ae8e59f0openx -- undisclosed security issue

OpenX does not provide information about vulnerabilities beyond their existence.


Discovery 2011-12-01
Entry 2012-03-02
Modified 2012-07-08
openx
lt 2.8.9

http://blog.openx.org/12/security-matters-3
80b6d6cc-c970-11df-bb18-0015587e2cc1openx -- remote code execution vulnerability

The OpenX project reported:

It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised.

This vulnerability exists in the file upload functionality and allows attackers to upload and execute PHP code of their choice.


Discovery 2010-09-14
Entry 2010-09-26
openx
lt 2.8.7

http://blog.openx.org/09/security-update/
http://www.h-online.com/security/news/item/Web-sites-distribute-malware-via-hacked-OpenX-servers-1079099.html
80b6d6cc-c970-11df-bb18-0015587e2cc1openx -- remote code execution vulnerability

The OpenX project reported:

It has been brought to our attention that there is a vulnerability in the 2.8 downloadable version of OpenX that can result in a server running the downloaded version of OpenX being compromised.

This vulnerability exists in the file upload functionality and allows attackers to upload and execute PHP code of their choice.


Discovery 2010-09-14
Entry 2010-09-26
openx
lt 2.8.7

http://blog.openx.org/09/security-update/
http://www.h-online.com/security/news/item/Web-sites-distribute-malware-via-hacked-OpenX-servers-1079099.html
dee44ba9-08ab-11e2-a044-d0df9acfd7e5OpenX -- SQL injection vulnerability

Secunia reports:

A vulnerability has been discovered in OpenX, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "xajaxargs" parameter to www/admin/updates-history.php (when "xajax" is set to "expandOSURow") is not properly sanitised in e.g. the "queryAuditBackupTablesByUpgradeId()" function (lib/OA/Upgrade/DB_UpgradeAuditor.php) before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 2.8.9. Prior versions may also be affected.


Discovery 2012-09-14
Entry 2012-09-27
openx
lt 2.8.10

http://secunia.com/advisories/50598/
dee44ba9-08ab-11e2-a044-d0df9acfd7e5OpenX -- SQL injection vulnerability

Secunia reports:

A vulnerability has been discovered in OpenX, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "xajaxargs" parameter to www/admin/updates-history.php (when "xajax" is set to "expandOSURow") is not properly sanitised in e.g. the "queryAuditBackupTablesByUpgradeId()" function (lib/OA/Upgrade/DB_UpgradeAuditor.php) before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 2.8.9. Prior versions may also be affected.


Discovery 2012-09-14
Entry 2012-09-27
openx
lt 2.8.10

http://secunia.com/advisories/50598/