FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374826
Date:      2014-12-16
Time:      22:06:31Z
Committer: cs

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f70d09cb-0c46-11db-aac7-000c6ec775d9mambo -- SQL injection vulnerabilities

The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exists due to missing sanitation of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code.


Discovery 2006-06-19
Entry 2006-07-05
Modified 2006-10-05
mambo
lt 4.5.4

16775
CVE-2006-0871
CVE-2006-1794
CVE-2006-3262
CVE-2006-3263
http://marc.theaimsgroup.com/?l=bugtraq&m=115056811230529
http://secunia.com/advisories/18935/
http://secunia.com/advisories/20745/
http://www.mamboserver.com/?option=com_content&task=view&id=207
http://www.gulftech.org/?node=research&article_id=00104-02242006
8a5770b4-54b5-11db-a5ae-00508d6a62dfmambo -- multiple SQL injection vulnerabilities

James Bercegay reports:

Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function.

Omid reports:

There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions):

  • When a user edits a content, the "id" parameter is not checked properly in /components/com_content/content.php, which can cause 2 sql injections.
  • The "limit" parameter in the administration section is not checked. This affects many pages of administration section
  • In the administration section, while editing/creating a user, the "gid" parameter is not checked properly.

Discovery 2006-08-26
Entry 2006-10-05
Modified 2011-06-27
mambo
lt 4.6.5

19719
19734
http://www.gulftech.org/?node=research&article_id=00116-10042006
http://seclists.org/bugtraq/2006/Aug/0491.html
http://www.frsirt.com/english/advisories/2006/3918
http://mamboxchange.com/forum/forum.php?forum_id=7704
http://secunia.com/advisories/21644/
http://secunia.com/advisories/22221/
8a5770b4-54b5-11db-a5ae-00508d6a62dfmambo -- multiple SQL injection vulnerabilities

James Bercegay reports:

Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function.

Omid reports:

There are several sql injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions):

  • When a user edits a content, the "id" parameter is not checked properly in /components/com_content/content.php, which can cause 2 sql injections.
  • The "limit" parameter in the administration section is not checked. This affects many pages of administration section
  • In the administration section, while editing/creating a user, the "gid" parameter is not checked properly.

Discovery 2006-08-26
Entry 2006-10-05
Modified 2011-06-27
mambo
lt 4.6.5

19719
19734
http://www.gulftech.org/?node=research&article_id=00116-10042006
http://seclists.org/bugtraq/2006/Aug/0491.html
http://www.frsirt.com/english/advisories/2006/3918
http://mamboxchange.com/forum/forum.php?forum_id=7704
http://secunia.com/advisories/21644/
http://secunia.com/advisories/22221/
f70d09cb-0c46-11db-aac7-000c6ec775d9mambo -- SQL injection vulnerabilities

The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exists due to missing sanitation of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code.


Discovery 2006-06-19
Entry 2006-07-05
Modified 2006-10-05
mambo
lt 4.5.4

16775
CVE-2006-0871
CVE-2006-1794
CVE-2006-3262
CVE-2006-3263
http://marc.theaimsgroup.com/?l=bugtraq&m=115056811230529
http://secunia.com/advisories/18935/
http://secunia.com/advisories/20745/
http://www.mamboserver.com/?option=com_content&task=view&id=207
http://www.gulftech.org/?node=research&article_id=00104-02242006