FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  366223
Date:      2014-08-26
Time:      16:36:41Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f47f2746-12c5-11dd-bab7-0016179b2dd5mailman -- script insertion vulnerability

Secunia reports:

A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks.

Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious website is accessed.


Discovery 2008-02-05
Entry 2008-04-25
ja-mailman
mailman
mailman-with-htdig
lt 2.1.10

CVE-2008-0564
27630
http://www.ubuntu.com/usn/usn-586-1
http://secunia.com/advisories/28794
http://sourceforge.net/project/shownotes.php?release_id=593924
8be2e304-cce6-11da-a3b1-00123ffe8333mailman -- Private Archive Script Cross-Site Scripting

Secunia reports:

A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.


Discovery 2006-04-07
Entry 2006-04-16
mailman
ja-mailman
mailman-with-htdig
lt 2.1.8

CVE-2006-1712
http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html
http://secunia.com/advisories/19558/
fffa9257-3c17-11db-86ab-00123ffe8333mailman -- Multiple Vulnerabilities

Secunia reports:

Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service).

1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL.

Successful exploitation may trick an administrator into visiting a malicious web site.

2) An error in the processing of malformed headers which does not follow the RFC 2231 standard can be exploited to cause a DoS (Denial of Service).

3) Some unspecified input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2006-06-09
Entry 2006-09-04
Modified 2006-10-04
mailman
ja-mailman
mailman-with-htdig
lt 2.1.9.r1

19831
CVE-2006-2191
CVE-2006-2941
CVE-2006-3636
CVE-2006-4624
http://secunia.com/advisories/21732/
http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295
8be2e304-cce6-11da-a3b1-00123ffe8333mailman -- Private Archive Script Cross-Site Scripting

Secunia reports:

A vulnerability has been reported in Mailman, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input passed to the private archive script is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site.


Discovery 2006-04-07
Entry 2006-04-16
mailman
ja-mailman
mailman-with-htdig
lt 2.1.8

CVE-2006-1712
http://mail.python.org/pipermail/mailman-announce/2006-April/000084.html
http://secunia.com/advisories/19558/
f47f2746-12c5-11dd-bab7-0016179b2dd5mailman -- script insertion vulnerability

Secunia reports:

A vulnerability has been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks.

Certain input when editing the list templates and the list info attribute is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious website is accessed.


Discovery 2008-02-05
Entry 2008-04-25
ja-mailman
mailman
mailman-with-htdig
lt 2.1.10

CVE-2008-0564
27630
http://www.ubuntu.com/usn/usn-586-1
http://secunia.com/advisories/28794
http://sourceforge.net/project/shownotes.php?release_id=593924
fffa9257-3c17-11db-86ab-00123ffe8333mailman -- Multiple Vulnerabilities

Secunia reports:

Mailman can be exploited by malicious people to conduct cross-site scripting and phishing attacks, and cause a DoS (Denial of Service).

1) An error in the logging functionality can be exploited to inject a spoofed log message into the error log via a specially crafted URL.

Successful exploitation may trick an administrator into visiting a malicious web site.

2) An error in the processing of malformed headers which does not follow the RFC 2231 standard can be exploited to cause a DoS (Denial of Service).

3) Some unspecified input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2006-06-09
Entry 2006-09-04
Modified 2006-10-04
mailman
ja-mailman
mailman-with-htdig
lt 2.1.9.r1

19831
CVE-2006-2191
CVE-2006-2941
CVE-2006-3636
CVE-2006-4624
http://secunia.com/advisories/21732/
http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295