FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

f70d09cb-0c46-11db-aac7-000c6ec775d9    mambo -- SQL injection vulnerabilities

The Team Mambo reports that two SQL injection vulnerabilities have been found in Mambo. The vulnerabilities exist due to missing sanitization of the title and catid parameters in the weblinks.php page and can lead to execution of arbitrary SQL code.


Discovery 2006-06-19
Entry 2006-07-05
Modified 2006-10-05
mambo
lt 4.5.4

16775
CVE-2006-0871
CVE-2006-1794
CVE-2006-3262
CVE-2006-3263
http://marc.theaimsgroup.com/?l=bugtraq&m=115056811230529
http://secunia.com/advisories/18935/
http://secunia.com/advisories/20745/
http://www.mamboserver.com/?option=com_content&task=view&id=207
http://www.gulftech.org/?node=research&article_id=00104-02242006

8a5770b4-54b5-11db-a5ae-00508d6a62df    mambo -- multiple SQL injection vulnerabilities

James Bercegay reports:

Mambo is vulnerable to an Authentication Bypass issue that is due to an SQL Injection in the login function. The SQL Injection is possible because the $passwd variable is only sanitized when it is not passed as an argument to the function.

Omid reports:

There are several SQL injections in Mambo 4.6 RC2 & Joomla 1.0.10 (and maybe other versions):

  • When a user edits a content, the "id" parameter is not checked properly in /components/com_content/content.php, which can cause 2 SQL injections.
  • The "limit" parameter in the administration section is not checked. This affects many pages of the administration section.
  • In the administration section, while editing/creating a user, the "gid" parameter is not checked properly.

Discovery 2006-08-26
Entry 2006-10-05
Modified 2011-06-27
mambo
lt 4.6.5

19719
19734
http://www.gulftech.org/?node=research&article_id=00116-10042006
http://seclists.org/bugtraq/2006/Aug/0491.html
http://www.frsirt.com/english/advisories/2006/3918
http://mamboxchange.com/forum/forum.php?forum_id=7704
http://secunia.com/advisories/21644/
http://secunia.com/advisories/22221/

ffb82d3a-610f-11da-8823-00123ffe8333    mambo -- "register_globals" emulation layer overwrite vulnerability

A Secunia Advisory reports:

peter MC tachatte has discovered a vulnerability in Mambo, which can be exploited by malicious people to manipulate certain information and compromise a vulnerable system.

The vulnerability is caused due to an error in the "register_globals" emulation layer in "globals.php" where certain arrays used by the system can be overwritten. This can be exploited to include arbitrary files from external and local resources via the "mosConfig_absolute_path" parameter.

Successful exploitation requires that "register_globals" is disabled.


Discovery 2005-11-17
Entry 2005-11-30
mambo
lt 4.5.3

http://www.mamboserver.com/index.php?option=com_content&task=view&id=172&Itemid=1
http://secunia.com/advisories/17622/