FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  454837
Date:      2017-11-24
Time:      19:28:57Z
Committer: joneum

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

1b93f6fe-e1c1-11e2-948d-6805ca0b3d42 | phpMyAdmin -- Global variable scope injection

The phpMyAdmin development team reports:

The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter.

This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form.


Discovery 2013-06-30
Entry 2013-06-30
phpMyAdmin
ge 4.0 lt 4.0.4.1

http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
CVE-2013-4729

6b97436c-ce1e-11e2-9cb2-6805ca0b3d42 | phpMyAdmin -- XSS due to unescaped HTML output in Create View page

The phpMyAdmin development team reports:

When creating a view with a crafted name and an incorrect CREATE statement, it is possible to trigger an XSS.

This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form.


Discovery 2013-06-05
Entry 2013-06-05
phpMyAdmin
ge 4.0 lt 4.0.3

http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php
CVE-2013-3742

17326fd5-fcfb-11e2-9bb9-6805ca0b3d42 | phpMyAdmin -- clickJacking protection can be bypassed

The phpMyAdmin development team reports:

phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed.

"We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't want to introduce a dependency to JavaScript in the 3.5.x family."


Discovery 2013-08-04
Entry 2013-08-04
phpMyAdmin
lt 4.0.5

http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php

f4a0212f-f797-11e2-9bb9-6805ca0b3d42 | phpMyAdmin -- multiple vulnerabilities

The phpMyAdmin development team reports:

XSS due to unescaped HTML Output when executing a SQL query.

5 XSS vulnerabilities in setup, chart display, process list, and logo link.

If a crafted version.json would be presented, an XSS could be introduced.

Full path disclosure vulnerabilities.

XSS vulnerability when a text to link transformation is used.

Self-XSS due to unescaped HTML output in schema export.

SQL injection vulnerabilities, producing a privilege escalation (control user).


Discovery 2013-07-28
Entry 2013-07-28
Modified 2013-07-29
phpMyAdmin
ge 4.0 lt 4.0.4.2

phpMyAdmin35
ge 3.5 lt 3.5.8.2

http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view