FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318524
Date:      2013-05-19
Time:      14:06:36Z
Committer: rakuco

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
97c22a94-5b8b-11e2-b131-000c299b62e1	nagios -- buffer overflow in history.cgi full disclosure reports: history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted in size. Discovery 2012-12-21 Entry 2013-01-10 nagios lt 3.4.3_1 CVE-2012-6096 http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
d4a358d3-e09a-11dd-a765-0030843d3802	nagios -- web interface privilege escalation vulnerability securityfocus reports: An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks. Discovery 2008-11-06 Entry 2009-01-12 Modified 2009-01-15 nagios lt 3.0.5 nagios2 lt 2.12_2 CVE-2008-5027 32156 http://secunia.com/advisories/33320 http://www.ubuntu.com/usn/USN-698-1 http://www.nagios.org/development/history/nagios-3x.php
97c22a94-5b8b-11e2-b131-000c299b62e1	nagios -- buffer overflow in history.cgi full disclosure reports: history.cgi is vulnerable to a buffer overflow due to the use of sprintf with user supplied data that has not been restricted in size. Discovery 2012-12-21 Entry 2013-01-10 nagios lt 3.4.3_1 CVE-2012-6096 http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0108.html http://nagios.svn.sourceforge.net/viewvc/nagios?view=revision&revision=2547
d4a358d3-e09a-11dd-a765-0030843d3802	nagios -- web interface privilege escalation vulnerability securityfocus reports: An attacker with low-level privileges may exploit this issue to bypass authorization and cause arbitrary commands to run within the context of the Nagios server. This may aid in further attacks. Discovery 2008-11-06 Entry 2009-01-12 Modified 2009-01-15 nagios lt 3.0.5 nagios2 lt 2.12_2 CVE-2008-5027 32156 http://secunia.com/advisories/33320 http://www.ubuntu.com/usn/USN-698-1 http://www.nagios.org/development/history/nagios-3x.php
3ebd4cb5-657f-11de-883a-00e0815b8da8	nagios -- Command Injection Vulnerability Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploited to inject and execute arbitrary shell commands. Successful exploitation requires access to the ping feature of the WAP interface. Discovery 2009-05-29 Entry 2009-06-30 Modified 2009-07-13 nagios le 3.0.6_1 nagios2 le 2.12_3 nagios-devel le 3.1.0_1 CVE-2009-2288 http://secunia.com/advisories/35543 http://tracker.nagios.org/view.php?id=15
3ebd4cb5-657f-11de-883a-00e0815b8da8	nagios -- Command Injection Vulnerability Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious users to potentially compromise a vulnerable system. Input passed to the "ping" parameter in statuswml.cgi is not properly sanitised before being used to invoke the ping command. This can be exploited to inject and execute arbitrary shell commands. Successful exploitation requires access to the ping feature of the WAP interface. Discovery 2009-05-29 Entry 2009-06-30 Modified 2009-07-13 nagios le 3.0.6_1 nagios2 le 2.12_3 nagios-devel le 3.1.0_1 CVE-2009-2288 http://secunia.com/advisories/35543 http://tracker.nagios.org/view.php?id=15