FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
28c9243a-72ed-11da-8c1d-000e0c2e438aphpbb -- multiple vulnerabilities

Multiple vulnerabilities have been reported within phpbb. phpbb is proven vulnerable to:

  • script insertion,
  • bypassing of protetion mechanisms,
  • multiple cross site scripting vulnerabilities,
  • SQL injection,
  • arbitrary code execution

Discovery 2005-10-24
Entry 2006-02-16
phpbb
zh-phpbb-tw
< 2.0.18

15170
15243
CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
http://marc.theaimsgroup.com/?l=bugtraq&m=113017003617987
http://www.hardened-php.net/advisory_172005.75.html
4afacca1-eb9d-11d9-a8bd-000cf18bbe54phpbb -- remote PHP code execution vulnerability

FrSIRT Advisory reports:

A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the "preg_replace()" function, which may be exploited by remote attackers to execute arbitrary PHP commands with the privileges of the web server.


Discovery 2005-06-28
Entry 2005-07-03
Modified 2005-07-07
phpbb
< 2.0.16

CVE-2005-2086
http://www.frsirt.com/english/advisories/2005/0904
http://www.phpbb.com/phpBB/viewtopic.php?t=302011
86526ba4-53c8-11db-8f1a-000a48049292phpbb -- NULL byte injection vulnerability

Secunia reports:

ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system.

Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte.

Successful exploitation requires privileges to the administration section.


Discovery 2006-09-12
Entry 2006-10-04
Modified 2006-12-24
phpbb
zh-phpbb-tw
< 2.0.22

20347
CVE-2006-4758
http://secunia.com/advisories/22188/
http://xforce.iss.net/xforce/xfdb/28884
http://www.security.nnov.ru/Odocument221.html