FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  375358
Date:      2014-12-23
Time:      21:24:55Z
Committer: rea

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
67516177-88ec-11e1-9a10-0023ae8e59f0typo -- Cross-Site Scripting

Typo Security Team reports:

Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages. However, it has come to our attention that extensions using the extbase MVC framework can be used to exploit this vulnerability if these extensions accept objects in controller actions.


Discovery 2012-04-17
Entry 2012-04-18
typo3
ge 4.6.0 le 4.6.7

ge 4.5.0 le 4.5.14

ge 4.4.0 le 4.4.14

CVE-2012-2112
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
3c957a3e-2978-11e1-89b4-001ec9578670typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
ge 4.6 lt 4.6.2

lt 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
67516177-88ec-11e1-9a10-0023ae8e59f0typo -- Cross-Site Scripting

Typo Security Team reports:

Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages. However, it has come to our attention that extensions using the extbase MVC framework can be used to exploit this vulnerability if these extensions accept objects in controller actions.


Discovery 2012-04-17
Entry 2012-04-18
typo3
ge 4.6.0 le 4.6.7

ge 4.5.0 le 4.5.14

ge 4.4.0 le 4.4.14

CVE-2012-2112
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
3c957a3e-2978-11e1-89b4-001ec9578670typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
ge 4.6 lt 4.6.2

lt 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/