FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318877
Date:      2013-05-23
Time:      15:30:07Z
Committer: flo

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6693bad2-ca50-11de-8ee8-00215c6a37bbtypo3 -- multiple vulnerabilities in TYPO3 Core

TYPO3 develop team reports:

Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below.

SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/session handling.


Discovery 2009-10-22
Entry 2009-11-05
typo3
lt 4.2.10

36801
CVE-2009-3628
CVE-2009-3629
CVE-2009-3630
CVE-2009-3631
CVE-2009-3632
CVE-2009-3633
CVE-2009-3634
CVE-2009-3635
CVE-2009-3636
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
http://secunia.com/advisories/37122/
3c957a3e-2978-11e1-89b4-001ec9578670typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
ge 4.6 lt 4.6.2

lt 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
6693bad2-ca50-11de-8ee8-00215c6a37bbtypo3 -- multiple vulnerabilities in TYPO3 Core

TYPO3 develop team reports:

Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below.

SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/session handling.


Discovery 2009-10-22
Entry 2009-11-05
typo3
lt 4.2.10

36801
CVE-2009-3628
CVE-2009-3629
CVE-2009-3630
CVE-2009-3631
CVE-2009-3632
CVE-2009-3633
CVE-2009-3634
CVE-2009-3635
CVE-2009-3636
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
http://secunia.com/advisories/37122/
3c957a3e-2978-11e1-89b4-001ec9578670typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
ge 4.6 lt 4.6.2

lt 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/