FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  371856
Date:      2014-10-31
Time:      15:38:00Z
Committer: rea

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e94cb43d-0c4a-11db-9016-0050bf27ba24horde -- various problems in dereferrer

Horde 3.1.2 release announcement:

Security Fixes:

  • Closed XSS problems in dereferrer (IE only), help viewer and problem reporting screen.
  • Removed unused image proxy code from dereferrer.

Discovery 2006-06-28
Entry 2006-07-05
Modified 2010-05-12
horde
horde-php5
lt 3.1.2

CVE-2006-3548
http://lists.horde.org/archives/announce/2006/000288.html
e94cb43d-0c4a-11db-9016-0050bf27ba24horde -- various problems in dereferrer

Horde 3.1.2 release announcement:

Security Fixes:

  • Closed XSS problems in dereferrer (IE only), help viewer and problem reporting screen.
  • Removed unused image proxy code from dereferrer.

Discovery 2006-06-28
Entry 2006-07-05
Modified 2010-05-12
horde
horde-php5
lt 3.1.2

CVE-2006-3548
http://lists.horde.org/archives/announce/2006/000288.html
e2e8d374-2e40-11db-b683-0008743bf21ahorde -- Phishing and Cross-Site Scripting Vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks.

  1. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in a frameset. This can e.g. be exploited to trick a user into believing certain malicious content is served from a trusted web site.
  2. Some unspecified input passed in index.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Discovery 2006-08-17
Entry 2006-08-17
horde
le 3.1.2

imp
le 4.1.2

19557
19544
http://secunia.com/advisories/21500/
http://lists.horde.org/archives/announce/2006/000292.html
e2e8d374-2e40-11db-b683-0008743bf21ahorde -- Phishing and Cross-Site Scripting Vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in Horde, which can be exploited by malicious people to conduct phishing and cross-site scripting attacks.

  1. Input passed to the "url" parameter in index.php isn't properly verified before it is being used to include an arbitrary web site in a frameset. This can e.g. be exploited to trick a user into believing certain malicious content is served from a trusted web site.
  2. Some unspecified input passed in index.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Discovery 2006-08-17
Entry 2006-08-17
horde
le 3.1.2

imp
le 4.1.2

19557
19544
http://secunia.com/advisories/21500/
http://lists.horde.org/archives/announce/2006/000292.html
09429f7c-fd6e-11da-b1cd-0050bf27ba24horde -- multiple parameter cross site scripting vulnerabilities

FrSIRT advisory ADV-2006-2356 reports:

Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the "test.php" and "templates/problem/problem.inc" scripts that do not validate the "url", "name", "email", "subject" and "message" parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.


Discovery 2006-06-10
Entry 2006-06-17
horde
horde-php5
le 3.1.1

CVE-2006-2195
http://www.frsirt.com/english/advisories/2006/2356
http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146
http://cvs.horde.org/diff.php?f=horde%2Ftemplates%2Fproblem%2Fproblem.inc&r1=2.25&r2=2.26
09429f7c-fd6e-11da-b1cd-0050bf27ba24horde -- multiple parameter cross site scripting vulnerabilities

FrSIRT advisory ADV-2006-2356 reports:

Multiple vulnerabilities have been identified in Horde Application Framework, which may be exploited by attackers to execute arbitrary scripting code. These flaws are due to input validation errors in the "test.php" and "templates/problem/problem.inc" scripts that do not validate the "url", "name", "email", "subject" and "message" parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.


Discovery 2006-06-10
Entry 2006-06-17
horde
horde-php5
le 3.1.1

CVE-2006-2195
http://www.frsirt.com/english/advisories/2006/2356
http://cvs.horde.org/diff.php?f=horde%2Ftest.php&r1=1.145&r2=1.146
http://cvs.horde.org/diff.php?f=horde%2Ftemplates%2Fproblem%2Fproblem.inc&r1=2.25&r2=2.26