FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318751
Date:      2013-05-22
Time:      09:14:17Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
559e00b7-6a4d-11e2-b6b0-10bf48230856	wordpress -- multiple vulnerabilities Wordpress reports: WordPress 3.5.1 also addresses the following security issues: A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We'd like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work. Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team. A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue. Discovery 2013-01-24 Entry 2013-01-29 wordpress lt 3.5.1,1 zh-wordpress-zh_CN zh-wordpress-zh_TW de-wordpress ja-wordpress ru-wordpress lt 3.5.1 CVE-2013-0235 CVE-2013-0236 CVE-2013-0237
810df820-3664-11e1-8fe3-00215c6a37bb	WordPress -- cross site scripting vulnerability WordPress development team reports: WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team. Discovery 2012-01-03 Entry 2012-01-03 wordpress lt 3.3.1,1 de-wordpress zh-wordpress-zh_CN zh-wordpress-zh_TW lt 3.3.1 http://threatpost.com/en_us/blogs/xss-bug-found-wordpress-33-010312
810df820-3664-11e1-8fe3-00215c6a37bb	WordPress -- cross site scripting vulnerability WordPress development team reports: WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team. Discovery 2012-01-03 Entry 2012-01-03 wordpress lt 3.3.1,1 de-wordpress zh-wordpress-zh_CN zh-wordpress-zh_TW lt 3.3.1 http://threatpost.com/en_us/blogs/xss-bug-found-wordpress-33-010312
8c93e997-30e0-11e0-b300-485d605f4717	wordpress -- SQL injection vulnerability Vendor reports: SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. Discovery 2010-11-16 Entry 2011-02-05 Modified 2011-02-09 wordpress lt 3.0.2,1 de-wordpress zh-wordpress-zh_CN zh-wordpress-zh_TW lt 3.0.2 CVE-2010-4257 http://www.cvedetails.com/cve/CVE-2010-4257/
8c93e997-30e0-11e0-b300-485d605f4717	wordpress -- SQL injection vulnerability Vendor reports: SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field. Discovery 2010-11-16 Entry 2011-02-05 Modified 2011-02-09 wordpress lt 3.0.2,1 de-wordpress zh-wordpress-zh_CN zh-wordpress-zh_TW lt 3.0.2 CVE-2010-4257 http://www.cvedetails.com/cve/CVE-2010-4257/