FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  527060
Date:      2020-02-25
Time:      03:07:17Z
Committer: fluffy


These are the vulnerabilities relating to the commit you have selected:

VuXML ID                              Description
03e54e42-7ac6-11e5-b35a-002590263bf5  Joomla! -- Core - ACL Violation vulnerabilities

The JSST and the Joomla! Security Center report:

[20151003] - Core - ACL Violations

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted.


Discovery 2015-10-22
Entry 2015-10-25
joomla3
ge 3.0.0 lt 3.4.5

CVE-2015-7899
http://developer.joomla.org/security-centre/630-20151003-core-acl-violations.html
https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html
0ebc6e78-7ac6-11e5-b35a-002590263bf5  Joomla! -- Core - SQL Injection/ACL Violation vulnerabilities

The JSST and the Joomla! Security Center report:

[20151001] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability.

[20151002] - Core - ACL Violations

Inadequate ACL checks in com_contenthistory provide potential read access to data which should be access restricted.


Discovery 2015-10-22
Entry 2015-10-25
joomla3
ge 3.2.0 lt 3.4.5

CVE-2015-7297
CVE-2015-7857
CVE-2015-7858
CVE-2015-7859
http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html
http://developer.joomla.org/security-centre/629-20151002-core-acl-violations.html
https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html
3c2549b3-3bed-11e7-a9f0-a4badb296695  Joomla3 -- SQL Injection

JSST reports:

Inadequate filtering of request data leads to a SQL Injection vulnerability.


Discovery 2017-05-11
Entry 2017-05-18
joomla3
eq 3.7.0

CVE-2017-8917
https://developer.joomla.org/security-centre/692-20170501-core-sql-injection.html
4158c57e-5d39-11e3-bc1e-6cf0490a8c18  Joomla! -- Core XSS Vulnerabilities

The JSST and the Joomla! Security Center report:

[20131101] Core XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in com_contact.

[20131102] Core XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in com_contact, com_weblinks, com_newsfeeds.

[20131103] Core XSS Vulnerability

Inadequate filtering leads to XSS vulnerability in com_contact.


Discovery 2013-11-01
Entry 2013-12-04
Modified 2014-04-23
joomla2
ge 2.5.* le 2.5.14

joomla3
ge 3.0.* le 3.1.5

http://developer.joomla.org/security/570-core-xss-20131101.html
http://developer.joomla.org/security/571-core-xss-20131102.html
http://developer.joomla.org/security/572-core-xss-20131103.html
624b45c0-c7f3-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20161201] - Core - Elevated Privileges

Incorrect use of unfiltered data stored to the session on a form validation failure allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.

[20161202] - Core - Shell Upload

Inadequate filesystem checks allowed files with alternative PHP file extensions to be uploaded.

[20161203] - Core - Information Disclosure

Inadequate ACL checks in the Beez3 com_content article layout override enables a user to view restricted content.


Discovery 2016-12-06
Entry 2016-12-22
joomla3
ge 1.6.0 lt 3.6.5

CVE-2016-9836
CVE-2016-9837
CVE-2016-9838
https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html
https://developer.joomla.org/security-centre/665-20161202-core-shell-upload.html
https://developer.joomla.org/security-centre/666-20161203-core-information-disclosure.html
https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
6aa398d0-1c4d-11e9-96dd-a4badb296695  joomla3 -- vulnerabilities

JSST reports:

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Inadequate escaping in com_contact leads to a stored XSS vulnerability.

Inadequate checks at the Global Configuration Text Filter settings allowed a stored XSS.

Inadequate checks at the Global Configuration helpurl settings allowed a stored XSS.


Discovery 2018-12-01
Entry 2019-01-20
joomla3
lt 3.9.2

https://developer.joomla.org/security-centre/760-00190101-core-stored-xss-in-mod-banners.html
CVE-2019-6264
https://developer.joomla.org/security-centre/761-20190102-core-stored-xss-in-com-contact.html
CVE-2019-6261
https://developer.joomla.org/security-centre/762-20190103-core-stored-xss-issue-in-the-global-configuration-textfilter-settings.html
CVE-2019-6263
https://developer.joomla.org/security-centre/763-20190104-core-stored-xss-issue-in-the-global-configuration-help-url.html
CVE-2019-6262
9fa1a0ac-b2e0-11e3-bb07-6cf0490a8c18  Joomla! -- Core - Multiple Vulnerabilities

The JSST and the Joomla! Security Center report:

[20140301] - Core - SQL Injection

Inadequate escaping leads to SQL injection vulnerability.

[20140302] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in com_contact.

[20140303] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability.

[20140304] - Core - Unauthorised Logins

Inadequate checking allowed unauthorised logins via GMail authentication.


Discovery 2014-03-01
Entry 2014-03-23
Modified 2014-04-30
joomla2
ge 2.5.* le 2.5.18

joomla3
ge 3.0.* le 3.2.2

http://developer.joomla.org/security/578-20140301-core-sql-injection.html
http://developer.joomla.org/security/579-20140302-core-xss-vulnerability.html
http://developer.joomla.org/security/580-20140303-core-xss-vulnerability.html
http://developer.joomla.org/security/581-20140304-core-unauthorised-logins.html
a27d234a-c7f2-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20161001] - Core - Account Creation

Inadequate checks allows for users to register on a site when registration has been disabled.

[20161002] - Core - Elevated Privilege

Incorrect use of unfiltered data allows for users to register on a site with elevated privileges.

[20161003] - Core - Account Modifications

Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments.


Discovery 2016-10-25
Entry 2016-12-22
joomla3
ge 3.4.4 lt 3.6.4

CVE-2016-8869
CVE-2016-8870
CVE-2016-9081
https://developer.joomla.org/security-centre/659-20161001-core-account-creation.html
https://developer.joomla.org/security-centre/660-20161002-core-elevated-privileges.html
https://developer.joomla.org/security-centre/661-20161003-core-account-modifications.html
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
a9f60ce8-a4e0-11e5-b864-14dae9d210b8  joomla -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20151201] - Core - Remote Code Execution Vulnerability

Browser information is not filtered properly while saving the session values into the database which leads to a Remote Code Execution vulnerability.

[20151202] - Core - CSRF Hardening

Add additional CSRF hardening in com_templates.

[20151203] - Core - Directory Traversal

Failure to properly sanitize input data from the XML install file located within an extension's package archive allows for directory traversal.

[20151204] - Core - Directory Traversal

Inadequate filtering of request data leads to a Directory Traversal vulnerability.


Discovery 2015-12-14
Entry 2015-12-17
Modified 2016-12-22
joomla3
lt 3.4.6

https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html
CVE-2015-8562
CVE-2015-8563
CVE-2015-8564
CVE-2015-8565
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
https://developer.joomla.org/security-centre/633-20151214-core-csrf-hardening.html
https://developer.joomla.org/security-centre/634-20151214-core-directory-traversal.html
https://developer.joomla.org/security-centre/635-20151214-core-directory-traversal-2.html
adbb32d9-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - XSS Vulnerability

The JSST and the Joomla! Security Center report:

[20140901] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in com_media.


Discovery 2014-09-23
Entry 2015-10-25
joomla3
ge 3.2.0 lt 3.2.5

ge 3.3.0 lt 3.3.4

CVE-2014-6631
http://developer.joomla.org/security-centre/593-20140901-core-xss-vulnerability.html
https://www.joomla.org/announcements/release-news/5564-joomla-3-3-4-released.html
beb3d5fc-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - Unauthorized Login vulnerability

The JSST and the Joomla! Security Center report:

[20140902] - Core - Unauthorized Logins

Inadequate checking allowed unauthorized logins via LDAP authentication.


Discovery 2014-09-23
Entry 2015-10-25
joomla3
lt 3.2.5

ge 3.3.0 lt 3.3.4

joomla2
lt 2.5.25

CVE-2014-6632
http://developer.joomla.org/security-centre/594-20140902-core-unauthorised-logins.html
https://www.joomla.org/announcements/release-news/5564-joomla-3-3-4-released.html
https://www.joomla.org/announcements/release-news/5563-joomla-2-5-25-released.html
bf2b9c56-b93e-11e8-b2a8-a4badb296695  joomla3 -- vulnerabilities

JSST reports: Multiple low-priority Vulnerabilities

Inadequate checks in the InputFilter class could allow specifically prepared PHAR files to pass the upload filter.

Inadequate output filtering on the user profile page could lead to a stored XSS attack.

Inadequate checks regarding disabled fields can lead to an ACL violation.


Discovery 2018-08-23
Entry 2018-09-15
joomla3
lt 3.8.12

CVE-2018-15860
CVE-2018-15881
CVE-2018-15882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15882
https://developer.joomla.org/security-centre/743-20180801-core-hardening-the-inputfilter-for-phar-stubs.html
https://developer.joomla.org/security-centre/744-20180802-core-stored-xss-vulnerability-in-the-frontend-profile.html
https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html
c0ef061a-c7f0-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20151206] - Core - Session Hardening

The Joomla Security Strike team has been following up on the critical security vulnerability patched last week. Since the recent update it has become clear that the root cause is a bug in PHP itself. This was fixed by PHP in September of 2015 with the releases of PHP 5.4.45, 5.5.29, 5.6.13 (Note that this is fixed in all versions of PHP 7 and has been back-ported in some specific Linux LTS versions of PHP 5.3). This fixes the bug across all supported PHP versions.

[20151207] - Core - SQL Injection

Inadequate filtering of request data leads to a SQL Injection vulnerability.


Discovery 2015-12-21
Entry 2016-12-22
joomla3
ge 1.5.0 lt 3.4.7

https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html
https://developer.joomla.org/security-centre/640-20151207-core-sql-injection.html
https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html
cec4d01a-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - Remote File Execution/Denial of Service vulnerabilities

The JSST and the Joomla! Security Center report:

[20140903] - Core - Remote File Inclusion

Inadequate checking allowed the potential for remote files to be executed.

[20140904] - Core - Denial of Service

Inadequate checking allowed the potential for a denial of service attack.


Discovery 2014-09-30
Entry 2015-10-25
joomla3
lt 3.2.6

ge 3.3.0 lt 3.3.5

joomla2
ge 2.5.4 lt 2.5.26

CVE-2014-7228
CVE-2014-7229
http://developer.joomla.org/security-centre/595-20140903-core-remote-file-inclusion.html
http://developer.joomla.org/security-centre/596-20140904-core-denial-of-service.html
https://www.joomla.org/announcements/release-news/5567-joomla-3-3-5-released.html
https://www.joomla.org/announcements/release-news/5566-joomla-2-5-26-released.html
deaba148-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - Open Redirect vulnerability

The JSST and the Joomla! Security Center report:

[20150601] - Core - Open Redirect

Inadequate checking of the return value allowed to redirect to an external page.


Discovery 2015-06-30
Entry 2015-10-25
joomla3
ge 3.0.0 lt 3.4.2

CVE-2015-5608
http://developer.joomla.org/security-centre/617-20150601-core-open-redirect.html
https://www.joomla.org/announcements/release-news/5589-joomla-3-4-2-released.html
ec2d1cfd-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - CSRF Protection vulnerabilities

The JSST and the Joomla! Security Center report:

[20150602] - Core - CSRF Protection

Lack of CSRF checks potentially enabled uploading malicious code.


Discovery 2015-06-30
Entry 2015-10-25
joomla3
ge 3.2.0 lt 3.4.2

CVE-2015-5397
http://developer.joomla.org/security-centre/618-20150602-core-remote-code-execution.html
https://www.joomla.org/announcements/release-news/5589-joomla-3-4-2-released.html
f0806cad-c7f1-11e6-ae1b-002590263bf5  Joomla! -- multiple vulnerabilities

The JSST and the Joomla! Security Center report:

[20160801] - Core - ACL Violation

Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.

[20160802] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in mail component.

[20160803] - Core - CSRF

Add additional CSRF hardening in com_joomlaupdate.


Discovery 2016-08-03
Entry 2016-12-22
joomla3
ge 1.6.0 lt 3.6.1

https://developer.joomla.org/security-centre/652-20160801-core-core-acl-violations.html
https://developer.joomla.org/security-centre/653-20160802-core-xss-vulnerability.html
https://developer.joomla.org/security-centre/654-20160803-core-csrf.html
https://www.joomla.org/announcements/release-news/5665-joomla-3-6-1-released.html
f8c37915-7ac5-11e5-b35a-002590263bf5  Joomla! -- Core - XSS Vulnerability

The JSST and the Joomla! Security Center report:

[20150908] - Core - XSS Vulnerability

Inadequate escaping leads to XSS vulnerability in login module.


Discovery 2015-09-08
Entry 2015-10-25
joomla3
ge 3.4.0 lt 3.4.4

CVE-2015-6939
http://developer.joomla.org/security-centre/626-20150908-core-xss-vulnerability.html
https://www.joomla.org/announcements/release-news/5628-joomla-3-4-4-released.html