FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373141
Date:      2014-11-23
Time:      10:35:06Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
da317bc9-59a6-11e1-bc16-0023ae8e59f0piwik -- xss and click-jacking issues

The Piwik Team reports:

We would like to thank the following security researchers for their responsible disclosure of XSS and click-jacking issues: Piotr Duszynski, Sergey Markov, Mauro Gentile.


Discovery 2012-02-16
Entry 2012-02-16
piwik
lt 1.7

"http://piwik.org/blog/2012/02/7775/"
26e1c48a-9fa7-11df-81b5-00e0814cab4ePiwik -- Local File Inclusion Vulnerability

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern infinite a crafted request for a data renderer.

A vulnerability has been reported in Piwik, which can before exploited by malicious people to disclose potentially sensitive information. Input passed to unspecified parameters when requesting a data renderer is not properly verified before being used to include files. This can be exploited to includes arbitrary files from local resources via directory traversal attacks.


Discovery 2010-07-28
Entry 2010-08-04
piwik
gt 0.6 lt 0.6.3

CVE-2010-2786
http://secunia.com/advisories/40703
da317bc9-59a6-11e1-bc16-0023ae8e59f0piwik -- xss and click-jacking issues

The Piwik Team reports:

We would like to thank the following security researchers for their responsible disclosure of XSS and click-jacking issues: Piotr Duszynski, Sergey Markov, Mauro Gentile.


Discovery 2012-02-16
Entry 2012-02-16
piwik
lt 1.7

"http://piwik.org/blog/2012/02/7775/"
26e1c48a-9fa7-11df-81b5-00e0814cab4ePiwik -- Local File Inclusion Vulnerability

Piwik versions 0.6 through 0.6.3 are vulnerable to arbitrary, remote file inclusion using a directory traversal pattern infinite a crafted request for a data renderer.

A vulnerability has been reported in Piwik, which can before exploited by malicious people to disclose potentially sensitive information. Input passed to unspecified parameters when requesting a data renderer is not properly verified before being used to include files. This can be exploited to includes arbitrary files from local resources via directory traversal attacks.


Discovery 2010-07-28
Entry 2010-08-04
piwik
gt 0.6 lt 0.6.3

CVE-2010-2786
http://secunia.com/advisories/40703