FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  321084
Date:      2013-06-17
Time:      03:23:53Z
Committer: bf

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
884fced7-7f1c-11dd-a66a-0019666436c2wordpress -- remote privilege escalation

The Wordpress development team reports:

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.


Discovery 2008-09-08
Entry 2008-10-22
Modified 2010-05-12
wordpress
de-wordpress
wordpress-mu
lt 2.6.2

zh-wordpress
gt 0

31068
CVE-2008-4107
http://wordpress.org/development/2008/09/wordpress-262/
a467d0f9-8875-11dc-b3ba-0016179b2dd5wordpress -- cross-site scripting

A Secunia Advisory report:

Input passed to the "posts_columns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2007-10-29
Entry 2007-11-01
wordpress
de-wordpress
lt 2.3.1

zh-wordpress
gt 0

CVE-2007-5710
http://secunia.com/advisories/27407
http://wordpress.org/development/2007/10/wordpress-231/
622bc638-be27-11dd-a578-0030843d3802wordpress -- header rss feed script insertion vulnerability

Secunia reports:

Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.


Discovery 2008-11-26
Entry 2008-11-29
Modified 2010-05-02
wordpress
de-wordpress
wordpress-mu
lt 2.6.5

zh-wordpress
gt 0

CVE-2008-5278
http://secunia.com/advisories/32882/
http://wordpress.org/development/2008/11/wordpress-265/
884fced7-7f1c-11dd-a66a-0019666436c2wordpress -- remote privilege escalation

The Wordpress development team reports:

With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another users password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.


Discovery 2008-09-08
Entry 2008-10-22
Modified 2010-05-12
wordpress
de-wordpress
wordpress-mu
lt 2.6.2

zh-wordpress
gt 0

31068
CVE-2008-4107
http://wordpress.org/development/2008/09/wordpress-262/
622bc638-be27-11dd-a578-0030843d3802wordpress -- header rss feed script insertion vulnerability

Secunia reports:

Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site if malicious data is viewed.


Discovery 2008-11-26
Entry 2008-11-29
Modified 2010-05-02
wordpress
de-wordpress
wordpress-mu
lt 2.6.5

zh-wordpress
gt 0

CVE-2008-5278
http://secunia.com/advisories/32882/
http://wordpress.org/development/2008/11/wordpress-265/
a467d0f9-8875-11dc-b3ba-0016179b2dd5wordpress -- cross-site scripting

A Secunia Advisory report:

Input passed to the "posts_columns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2007-10-29
Entry 2007-11-01
wordpress
de-wordpress
lt 2.3.1

zh-wordpress
gt 0

CVE-2007-5710
http://secunia.com/advisories/27407
http://wordpress.org/development/2007/10/wordpress-231/