FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  372986
Date:      2014-11-21
Time:      11:06:59Z
Committer: madpilot

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
c0869649-5a0c-11df-942d-0015587e2cc1  piwik -- cross site scripting vulnerability

The Piwik security advisory reports:

A non-persistent, cross-site scripting vulnerability (XSS) was found in Piwik's Login form that reflected the form_url parameter without being properly escaped or filtered.


Discovery 2010-04-15
Entry 2010-05-07
piwik
le 0.5.5

CVE-2010-1453
http://piwik.org/blog/2010/04/piwik-0-6-security-advisory/
da317bc9-59a6-11e1-bc16-0023ae8e59f0  piwik -- xss and click-jacking issues

The Piwik Team reports:

We would like to thank the following security researchers for their responsible disclosure of XSS and click-jacking issues: Piotr Duszynski, Sergey Markov, Mauro Gentile.


Discovery 2012-02-16
Entry 2012-02-16
piwik
lt 1.7

http://piwik.org/blog/2012/02/7775/
fcbf56dd-e667-11de-920a-00248c9b4be7  piwik -- php code execution

Secunia reports:

Stefan Esser has reported a vulnerability in Piwik, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the core/Cookie.php script using "unserialize()" with user controlled input. This can be exploited to e.g. execute arbitrary PHP code via the "__wakeup()" or "__destruct()" methods of a serialized object passed via an HTTP cookie.


Discovery 2009-12-10
Entry 2009-12-11
Modified 2010-05-02
piwik
lt 0.5.1

CVE-2009-4137
http://secunia.com/advisories/37649/
http://www.sektioneins.de/de/advisories/advisory-032009-piwik-cookie-unserialize-vulnerability/index.html
http://piwik.org/blog/2009/12/piwik-response-to-shocking-news-in-php-exploitation/