FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374959
Date:      2014-12-19
Time:      18:05:51Z
Committer: brd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
50457509-d05e-11d9-9aed-000e0c2e438aphpSysInfo -- cross site scripting vulnerability

A Securityreason.com advisory reports that various cross site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a users browser session. Also it is possible to view the full path of certain scripts by accessing them directly.


Discovery 2005-03-22
Entry 2005-07-09
Modified 2005-12-25
phpSysInfo
lt 2.5.1

12887
CVE-2005-0869
CVE-2005-0870
http://marc.theaimsgroup.com/?l=bugtraq&m=111161017209422
88260dfe-3d21-11dc-b3d3-0016179b2dd5phpsysinfo -- url Cross-Site Scripting

Doz reports:

A Input passed in the URL to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2007-07-27
Entry 2007-07-28
Modified 2007-08-01
phpSysInfo
lt 2.5.3_1

http://secunia.com/advisories/26248/
9c1cea79-548a-11da-b53f-0004614cc33dphpSysInfo -- "register_globals" emulation layer overwrite vulnerability

A Secunia Advisory reports:

Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information.

The vulnerability is caused due to an error in the "register_globals" emulation layer where certain arrays used by the system can be overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session and include arbitrary files from local resources.


Discovery 2005-11-10
Entry 2005-11-13
Modified 2005-12-25
phpSysInfo
lt 2.5.1

http://www.hardened-php.net/advisory_222005.81.html
http://secunia.com/advisories/17441/
50457509-d05e-11d9-9aed-000e0c2e438aphpSysInfo -- cross site scripting vulnerability

A Securityreason.com advisory reports that various cross site scripting vulnerabilities have been found in phpSysInfo. Input is not properly sanitised before it is returned to the user. A malicious person could exploit this to execute arbitrary HTML and script code in a users browser session. Also it is possible to view the full path of certain scripts by accessing them directly.


Discovery 2005-03-22
Entry 2005-07-09
Modified 2005-12-25
phpSysInfo
lt 2.5.1

12887
CVE-2005-0869
CVE-2005-0870
http://marc.theaimsgroup.com/?l=bugtraq&m=111161017209422
88260dfe-3d21-11dc-b3d3-0016179b2dd5phpsysinfo -- url Cross-Site Scripting

Doz reports:

A Input passed in the URL to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2007-07-27
Entry 2007-07-28
Modified 2007-08-01
phpSysInfo
lt 2.5.3_1

http://secunia.com/advisories/26248/
9c1cea79-548a-11da-b53f-0004614cc33dphpSysInfo -- "register_globals" emulation layer overwrite vulnerability

A Secunia Advisory reports:

Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information.

The vulnerability is caused due to an error in the "register_globals" emulation layer where certain arrays used by the system can be overwritten. This can be exploited to execute arbitrary HTML and script code in a user's browser session and include arbitrary files from local resources.


Discovery 2005-11-10
Entry 2005-11-13
Modified 2005-12-25
phpSysInfo
lt 2.5.1

http://www.hardened-php.net/advisory_222005.81.html
http://secunia.com/advisories/17441/