non port: security/vuxml/vuln.xml |
Number of commits found: 6273 (showing only 100 on this page) |
Monday, 10 Jul 2006
|
22:38 simon
Document samba -- memory exhaustion DoS in smbd.
 |
11:48 simon
- For the latest trac entry include information from the release
announcements about setups which are not affected. To avoid having
to reference two documents simply reference the release notes for
all the information (it's basically the same as the changelog with
slightly different wording).
- Add a modified date tag.
 |
08:56 simon
Document twiki -- multiple file extensions file upload vulnerability.
 |
08:39 simon
Improve markup for last entry. No content change.
 |
Sunday, 9 Jul 2006
|
23:31 kuriyama
Add trac DoS.
 |
Wednesday, 5 Jul 2006
|
17:45 thierry
Add an entry for Horde's latest vulnerabilities.
 |
17:30 simon
Document mambo -- SQL injection vulnerabilities.
 |
Monday, 3 Jul 2006
|
12:45 miwi
Document phpmyadmin -- cross site scripting vulnerability
Approved by: markus (co mentor)
 |
Sunday, 2 Jul 2006
|
13:09 remko
Document webmin, usermin -- arbitrary file disclosure vulnerability.
Details are unknown, all sources talk about an "unspecified" vulnerability.
 |
Saturday, 1 Jul 2006
|
12:19 shaun
Document mutt -- Remote Buffer Overflow Vulnerability.
Approved by: ahze (mentor)
 |
Friday, 30 Jun 2006
|
22:48 miwi
Document joomla -- multiple vulnerabilities
Approved by: markus (co mentor)
 |
Tuesday, 27 Jun 2006
|
19:55 remko
Document hashcash -- heap overflow vulnerability.
 |
Sunday, 25 Jun 2006
|
18:39 simon
Document gnupg -- user id integer overflow vulnerability.
 |
Friday, 23 Jun 2006
|
08:32 simon
Document opera -- JPEG processing integer overflow vulnerability.
 |
Saturday, 17 Jun 2006
|
14:36 remko
Update the webcalendar entry, use alphabetic sorting, no functional
change of information.
 |
07:11 thierry
Add an entry for Horde's latest XSS vulnerabilities.
 |
Friday, 16 Jun 2006
|
22:38 simon
Add webcalendar -- information disclosure vulnerability.
PR: ports/98993
Submitted by: Gregory C. Larkin <glarkin@sourcehosting.net>
 |
Wednesday, 14 Jun 2006
|
16:30 remko
Add FreeBSD-SA-06:17.sendmail to the VuXML database.
 |
Monday, 12 Jun 2006
|
15:41 remko
Bump modification date in the last entry and earn my own pointyhat.
Forgotten by/pointyhat: remko
 |
15:26 remko
Fix the latest entry by using the entity for &, this passes make validate.
Reported by: Michal Kaps <michal at ionic dot co dot uk>
Pointyhat by: aaron, (tobez implicit)
 |
06:22 aaron
- Added multiple dokuwiki vulnerabilities
Approved by: tobez
 |
Sunday, 11 Jun 2006
|
12:55 nobutaka
Add an entry for libxine -- buffer overflow vulnerability.
 |
Friday, 9 Jun 2006
|
13:32 remko
Document FreeBSD-SA-06:15.ypserv and FreeBSD-SA-06:16.smbfs.
Add the proper freebsdsa tag for older entries and bump
their modification date.
 |
Thursday, 8 Jun 2006
|
17:10 remko
Document two freeradius issues, one newer and one older issue:
freeradius -- multiple vulnerabilities
freeradius -- authentication bypass vulnerability
 |
12:21 ehaupt
Mark graphics/fractorama 1.6.7_1 "clean". This port now links against libtiff
from ports.
Approved by: simon (secteam)
 |
Wednesday, 7 Jun 2006
|
18:51 simon
The awstats port has PORTEPOCH bumped, so update the vuxml entry awstats
-- arbitrary command execution vulnerability to reflect that.
 |
Tuesday, 6 Jun 2006
|
10:55 simon
Mark squirrelmail-1.4.6_1 as fixed for squirrelmail -- plugin.php
local file inclusion vulnerability.
 |
Monday, 5 Jun 2006
|
20:18 simon
Document squirrelmail -- plugin.php local file inclusion vulnerability.
 |
19:57 simon
Document dokuwiki -- spellchecker remote PHP code execution.
 |
19:48 simon
Document drupal -- multiple vulnerabilities.
 |
Thursday, 1 Jun 2006
|
18:30 mnag
- Add last two MySQL vulnerabilities
MySQL -- SQL-injection security vulnerability
MySQL -- Information Disclosure and Buffer Overflow Vulnerabilities
 |
Tuesday, 23 May 2006
|
19:23 simon
Document frontpage -- cross site scripting vulnerability and point
FORBIDDEN from the frontpage ports at it.
While this is "only" a cross site scripting vulnerability it has some
rather serious implications which can allow an attacker to take over a
web site, so I'm keeping FORBIDDEN.
 |
15:20 mnag
cscope -- buffer overflow vulnerabilities
 |
Monday, 22 May 2006
|
15:25 mnag
coppermine -- Multiple File Extensions Vulnerability
coppermine -- "file" Local File Inclusion Vulnerability
coppermine -- File Inclusion Vulnerabilities
 |
Sunday, 21 May 2006
|
01:02 mnag
phpmyadmin -- XSRF vulnerabilities
 |
Thursday, 18 May 2006
|
21:19 pav
- Normalize the topic of last entry
Requested by: remko
 |
16:12 pav
- Add VuXML entry for vnc 4.1.1
 |
Sunday, 14 May 2006
|
03:57 mnag
- Add vulnerabilities in last topic.
 |
03:56 mnag
phpldapadmin -- Cross-Site Scripting and Script Insertion
 |
Thursday, 11 May 2006
|
19:17 tobez
Modify the entry for p5-DBI insecure temporary files creation to reflect
the fact that version 1.37_1 of p5-DBI-137 is OK now.
Reviewed by: simon
 |
Saturday, 6 May 2006
|
10:56 kuriyama
Add www/fswiki vulnerability.
 |
Friday, 5 May 2006
|
22:24 simon
- Add missing s in latest awstats entry's title.
- Document mysql50-server -- COM_TABLE_DUMP arbitrary code execution.
 |
21:39 mnag
- Cancel last rsync entry. Does not affect FreeBSD port.
Notified by: simon, pav
Discussed with: simon
 |
20:45 simon
Document awstat -- arbitrary command execution vulnerability.
Fix an incorrect use of cvename in the latest firefox entry, which I
missed when reviewing the entry (and which make validate did not / can
not catch).
 |
Wednesday, 3 May 2006
|
20:14 mnag
phpwebftp -- "language" Local File Inclusion
 |
08:00 vd
Document firefox -- denial of service vulnerability
Reviewed by: simon
 |
01:01 mnag
trac -- Wiki Macro Script Insertion Vulnerability
 |
00:56 mnag
rsync -- "xattrs.diff" Patch Integer Overflow Vulnerability
 |
00:45 mnag
clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability
 |
Monday, 1 May 2006
|
15:09 mnag
- Add last jabberd entry:
jabberd -- SASL Negotiation Denial of Service Vulnerability
 |
Thursday, 27 Apr 2006
|
11:12 simon
Also mark linux-seamonkey vulnerable to recent mozilla
vulnerabilities.
Reported by: Andrew Pantyukhin infofarmer at gmail dotty com
 |
04:30 mnag
cacti -- ADOdb "server.php" Insecure Test Script Security Issue
 |
03:48 mnag
amaya -- Attribute Value Buffer Overflow Vulnerabilities
 |
03:22 mnag
lifetype -- ADOdb "server.php" Insecure Test Script Security Issue
 |
02:46 mnag
ethereal -- Multiple Protocol Dissector Vulnerabilities
 |
Tuesday, 25 Apr 2006
|
20:57 remko
My 100th commit to the vuln.xml file:
- Document Asterisk -- denial of service vulnerability, local system access.
 |
17:40 anholt
Change paraview checks to be < 2.4.3 now that paraview uses system libtiff.
 |
Sunday, 23 Apr 2006
|
21:46 remko
Document zgv, xzgv -- heap overflow vulnerability.
 |
14:14 remko
Document crossfire-server -- denial of service and remote code execution
vulnerability.
 |
10:25 remko
Document p5-DBI -- insecure temporary file creation vulnerability.
 |
09:58 remko
Document wordpress -- full path disclosure.
 |
09:35 remko
Document xine -- multiple remote string vulnerabilities.
 |
Friday, 21 Apr 2006
|
16:51 ume
Add an entry for cyrus-sasl -- DIGEST-MD5 Pre-Authentication
Denial of Service.
 |
Wednesday, 19 Apr 2006
|
17:53 remko
Also mark all other versions of FreeBSD (That were released) as
vulnerable.
Noticed by: brueffer
Discussed with: brueffer, simon
 |
17:36 remko
Add FreeBSD -- FPU information disclosure (SA-06:14) to the
vuxml list.
 |
Tuesday, 18 Apr 2006
|
19:39 simon
Add some CERT references to latest Mozilla entry.
 |
13:48 mnag
plone -- "member_id" Parameter Portrait Manipulation Vulnerability
 |
Sunday, 16 Apr 2006
|
22:02 simon
Fix copy/paste error in last commit and mark linux-mozilla < 1.7.13 as
vulnerable.
 |
21:52 simon
Document mozilla/firefox/thunderbirds's latest attempt at Internet
Explorer compatibility.
Note that I omitted marking some really old mozilla versions as
vulnerable this time, since there is already a bunch of entries
covering these versions (which haven't been in ports for a while).
 |
13:00 ehaupt
Update entry for sysutils/heartbeat. The insecure temporary file creation
vulnerability is fixed in 1.2.4.
Approved by: secteam (simon)
 |
01:52 mnag
mailman -- Private Archive Script Cross-Site Scripting
 |
Monday, 10 Apr 2006
|
19:11 remko
Document f2c -- insecure temporary files.
It is not very clear to me to see what version is fixed. The one fixing
this port should import the latest available one which is fixed.
 |
Saturday, 8 Apr 2006
|
14:53 mnag
mplayer -- Multiple integer overflows
 |
Friday, 7 Apr 2006
|
14:15 mnag
- Add Secunia references for last phpMyAdmin issue.
 |
11:23 remko
Document kaffeine -- buffer overflow vulnerability.
 |
10:38 remko
Document thunderbird -- javascript execution.
 |
Thursday, 6 Apr 2006
|
17:30 remko
Update the latest zoo entry to match the latest update to the port.
This will mark zoo-2.10.1_2 and later as not vulnerable for this
issue.
 |
16:44 mnag
phpmyadmin -- XSS vulnerabilities
phpmyadmin -- 'set_theme' Cross-Site Scripting
 |
15:30 mnag
clamav -- Multiple Vulnerabilities
 |
04:47 remko
Add cvename to the recent OpenVPN entry.
Submitted by: Matthias Andree <matthias dot andree at gmx dot de>
 |
Wednesday, 5 Apr 2006
|
20:00 remko
Document mediawiki -- hardcoded placeholder string security bypass
vulnerability.
 |
19:50 remko
Document netpbm -- buffer overflow in pnmtopng.
 |
19:23 remko
Document zoo -- stack based buffer overflow.
 |
19:02 remko
Document mediawiki -- cross site scripting vulnerability.
 |
17:37 mnag
dia -- XFig Import Plugin Buffer Overflow
 |
14:57 mnag
openvpn -- LD_PRELOAD code execution on client through malicious or compromised
server
PR: 95343
Submitted by: Matthias Andree <matthias.andree__gmx.de>
 |
04:33 mnag
samba -- Exposure of machine account credentials in winbind log files
 |
03:46 brooks
Upgrade pubcookie from 3.3.0-beta2 to 3.3.0a fixing serious XSS
vulnerabilities.
 |
Saturday, 1 Apr 2006
|
05:01 edwin
Fill in the version numbers for the vids
6e3b12e2-6ce3-11da-b90c-000e0c2e438a and
82a41084-6ce7-11da-b90c-000e0c2e438a to show which Mantis versions
are vulnerable.
Submitted by: In cooperation with dvl
 |
Thursday, 30 Mar 2006
|
06:53 simon
For horde -- remote code execution vulnerability in the help viewer
entry:
- Add more references.
- Reformat description to follow normal formatting style better.
- Remove a redundant line in the description to make the meaning more
clear.
 |
Wednesday, 29 Mar 2006
|
19:08 mnag
freeradius -- EAP-MSCHAPv2 Authentication Bypass
 |
Tuesday, 28 Mar 2006
|
18:13 thierry
Add an entry about Horde's remote code execution vulnerability in the
help viewer.
 |
Monday, 27 Mar 2006
|
19:06 mnag
linux-realplayer -- buffer overrun
linux-realplayer -- heap overflow
Reviewed by: simon
 |
Friday, 24 Mar 2006
|
18:02 remko
s/8 spaces/tab/ in the sendmail entry.
Noticed by: simon
 |
17:10 remko
Record that our sendmail port was also vulnerable.
Bump modification date.
 |
13:08 remko
Update the 'Evolution - remote format string vulnerabilities' entry.
 |
12:25 remko
Document the latest three FreeBSD Security Advisories:
SA-06:13
SA-06:12
SA-06:11
 |
Tuesday, 21 Mar 2006
|
17:05 lesi
xorg-server -- privilege escalation
Reviewed by: simon
 |
Monday, 20 Mar 2006
|
15:21 mnag
- heimdal -- Multiple vulnerabilities
Reviewed by: simon
 |
12:58 vd
Document ftp/curl's TFTP packet buffer overflow vulnerability
Reworked by: simon
Approved by: security-officer (simon)
 |