FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  363221
Date:      2014-07-28
Time:      18:38:13Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5752a0df-60c5-4876-a872-f12f9a02fa05gallery -- cross-site scripting

Gallery includes several cross-site scripting vulnerabilities that could allow malicious content to be injected.


Discovery 2005-01-26
Entry 2005-06-17
gallery
lt 1.4.4.5

CVE-2004-1106
CVE-2005-0219
CVE-2005-0220
CVE-2005-0221
CVE-2005-0222
11602
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147
http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364
5752a0df-60c5-4876-a872-f12f9a02fa05gallery -- cross-site scripting

Gallery includes several cross-site scripting vulnerabilities that could allow malicious content to be injected.


Discovery 2005-01-26
Entry 2005-06-17
gallery
lt 1.4.4.5

CVE-2004-1106
CVE-2005-0219
CVE-2005-0220
CVE-2005-0221
CVE-2005-0222
11602
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147
http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364
fc9e73b2-8685-11dd-bb64-0030843d3802gallery -- multiple vulnerabilities

Secunia reports:

An error in the handing of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files.

Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.


Discovery 2008-09-18
Entry 2008-09-19
Modified 2008-10-03
gallery
lt 1.5.9

gallery2
lt 2.2.6

http://secunia.com/advisories/31912/
http://secunia.com/advisories/31858/
fc9e73b2-8685-11dd-bb64-0030843d3802gallery -- multiple vulnerabilities

Secunia reports:

An error in the handing of ZIP archives with symbolic links can be exploited to disclose the contents of arbitrary files.

Input from uploaded Flash animations is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.


Discovery 2008-09-18
Entry 2008-09-19
Modified 2008-10-03
gallery
lt 1.5.9

gallery2
lt 2.2.6

http://secunia.com/advisories/31912/
http://secunia.com/advisories/31858/