FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368339
Date:      2014-09-16
Time:      17:35:34Z
Committer: osa

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
cddde37a-39b5-11dc-b3da-001921ab2fa4dokuwiki -- XSS vulnerability in spellchecker backend

DokuWiki reports:

The spellchecker tests the UTF-8 capabilities of the used browser by sending an UTF-8 string to the backend, which will send it back unfiltered. By comparing string length the spellchecker can work around broken implementations. An attacker could construct a form to let users send JavaScript to the spellchecker backend, resulting in malicious JavaScript being executed in their browser.

Affected are all versions up to and including 2007-06-26 even when the spell checker is disabled.


Discovery 2007-06-26
Entry 2007-07-24
dokuwiki
lt 20070626_1

dokuwiki-devel
lt 20070524_1

http://xforce.iss.net/xforce/xfdb/35501
CVE-2007-3930
cddde37a-39b5-11dc-b3da-001921ab2fa4dokuwiki -- XSS vulnerability in spellchecker backend

DokuWiki reports:

The spellchecker tests the UTF-8 capabilities of the used browser by sending an UTF-8 string to the backend, which will send it back unfiltered. By comparing string length the spellchecker can work around broken implementations. An attacker could construct a form to let users send JavaScript to the spellchecker backend, resulting in malicious JavaScript being executed in their browser.

Affected are all versions up to and including 2007-06-26 even when the spell checker is disabled.


Discovery 2007-06-26
Entry 2007-07-24
dokuwiki
lt 20070626_1

dokuwiki-devel
lt 20070524_1

http://xforce.iss.net/xforce/xfdb/35501
CVE-2007-3930
4f838b74-50a1-11de-b01f-001c2514716cdokuwiki -- Local File Inclusion with register_globals on

DokuWiki reports:

A security hole was discovered which allows an attacker to include arbitrary files located on the attacked DokuWiki installation. The included file is executed in the PHP context. This can be escalated by introducing malicious code through uploading file via the media manager or placing PHP code in editable pages.


Discovery 2009-05-26
Entry 2009-06-04
Modified 2010-05-02
dokuwiki
lt 20090214_2

dokuwiki-devel
gt 0

CVE-2009-1960
http://bugs.splitbrain.org/index.php?do=details&task_id=1700
4f838b74-50a1-11de-b01f-001c2514716cdokuwiki -- Local File Inclusion with register_globals on

DokuWiki reports:

A security hole was discovered which allows an attacker to include arbitrary files located on the attacked DokuWiki installation. The included file is executed in the PHP context. This can be escalated by introducing malicious code through uploading file via the media manager or placing PHP code in editable pages.


Discovery 2009-05-26
Entry 2009-06-04
Modified 2010-05-02
dokuwiki
lt 20090214_2

dokuwiki-devel
gt 0

CVE-2009-1960
http://bugs.splitbrain.org/index.php?do=details&task_id=1700