FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369686
Date:      2014-10-01
Time:      03:40:03Z
Committer: bdrewery

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8c93e997-30e0-11e0-b300-485d605f4717wordpress -- SQL injection vulnerability

Vendor reports:

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.


Discovery 2010-11-16
Entry 2011-02-05
Modified 2011-02-09
wordpress
lt 3.0.2,1

de-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
lt 3.0.2

CVE-2010-4257
http://www.cvedetails.com/cve/CVE-2010-4257/
8c93e997-30e0-11e0-b300-485d605f4717wordpress -- SQL injection vulnerability

Vendor reports:

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.


Discovery 2010-11-16
Entry 2011-02-05
Modified 2011-02-09
wordpress
lt 3.0.2,1

de-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
lt 3.0.2

CVE-2010-4257
http://www.cvedetails.com/cve/CVE-2010-4257/
810df820-3664-11e1-8fe3-00215c6a37bbWordPress -- cross site scripting vulnerability

WordPress development team reports:

WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team.


Discovery 2012-01-03
Entry 2012-01-03
wordpress
lt 3.3.1,1

de-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
lt 3.3.1

http://threatpost.com/en_us/blogs/xss-bug-found-wordpress-33-010312
559e00b7-6a4d-11e2-b6b0-10bf48230856wordpress -- multiple vulnerabilities

Wordpress reports:

WordPress 3.5.1 also addresses the following security issues:

  • A server-side request forgery vulnerability and remote port scanning using pingbacks. This vulnerability, which could potentially be used to expose information and compromise a site, affects all previous WordPress versions. This was fixed by the WordPress security team. We'd like to thank security researchers Gennady Kovshenin and Ryan Dewhurst for reviewing our work.
  • Two instances of cross-site scripting via shortcodes and post content. These issues were discovered by Jon Cave of the WordPress security team.
  • A cross-site scripting vulnerability in the external library Plupload. Thanks to the Moxiecode team for working with us on this, and for releasing Plupload 1.5.5 to address this issue.

Discovery 2013-01-24
Entry 2013-01-29
Modified 2014-04-30
wordpress
lt 3.5.1,1

zh-wordpress-zh_CN
lt 3.5.1

zh-wordpress-zh_TW
lt 3.5.1

de-wordpress
lt 3.5.1

ja-wordpress
lt 3.5.1

ru-wordpress
lt 3.5.1

CVE-2013-0235
CVE-2013-0236
CVE-2013-0237
810df820-3664-11e1-8fe3-00215c6a37bbWordPress -- cross site scripting vulnerability

WordPress development team reports:

WordPress 3.3.1 is now available. This maintenance release fixes 15 issues with WordPress 3.3, as well as a fix for a cross-site scripting vulnerability that affected version 3.3. Thanks to Joshua H., Hoang T., Stefan Zimmerman, Chris K., and the Go Daddy security team for responsibly disclosing the bug to our security team.


Discovery 2012-01-03
Entry 2012-01-03
wordpress
lt 3.3.1,1

de-wordpress
zh-wordpress-zh_CN
zh-wordpress-zh_TW
lt 3.3.1

http://threatpost.com/en_us/blogs/xss-bug-found-wordpress-33-010312