FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
28c9243a-72ed-11da-8c1d-000e0c2e438a	phpbb -- multiple vulnerabilities Multiple vulnerabilities have been reported within phpbb. phpbb is proven vulnerable to: script insertion, bypassing of protetion mechanisms, multiple cross site scripting vulnerabilities, SQL injection, arbitrary code execution Discovery 2005-10-24 Entry 2006-02-16 phpbb zh-phpbb-tw < 2.0.18 15170 15243 CVE-2005-3310 CVE-2005-3415 CVE-2005-3416 CVE-2005-3417 CVE-2005-3418 CVE-2005-3419 CVE-2005-3420 CVE-2005-3536 CVE-2005-3537 http://marc.theaimsgroup.com/?l=bugtraq&m=113017003617987 http://www.hardened-php.net/advisory_172005.75.html
86526ba4-53c8-11db-8f1a-000a48049292	phpbb -- NULL byte injection vulnerability Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte. Successful exploitation requires privileges to the administration section. Discovery 2006-09-12 Entry 2006-10-04 Modified 2006-12-24 phpbb zh-phpbb-tw < 2.0.22 20347 CVE-2006-4758 http://secunia.com/advisories/22188/ http://xforce.iss.net/xforce/xfdb/28884 http://www.security.nnov.ru/Odocument221.html

VuXML ID

Description

28c9243a-72ed-11da-8c1d-000e0c2e438a

phpbb -- multiple vulnerabilities

Multiple vulnerabilities have been reported within phpbb. phpbb is proven vulnerable to:

script insertion,
bypassing of protetion mechanisms,
multiple cross site scripting vulnerabilities,
SQL injection,
arbitrary code execution

Discovery 2005-10-24
Entry 2006-02-16
phpbb
zh-phpbb-tw

< 2.0.18

15170
15243
CVE-2005-3310
CVE-2005-3415
CVE-2005-3416
CVE-2005-3417
CVE-2005-3418
CVE-2005-3419
CVE-2005-3420
CVE-2005-3536
CVE-2005-3537
http://marc.theaimsgroup.com/?l=bugtraq&m=113017003617987
http://www.hardened-php.net/advisory_172005.75.html

86526ba4-53c8-11db-8f1a-000a48049292

phpbb -- NULL byte injection vulnerability

Secunia reports:

ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system.

Input passed to the "avatar_path" parameter in admin/admin_board.php is not properly sanitised before being used as a configuration variable to store avatar images. This can be exploited to upload and execute arbitrary PHP code by changing "avatar_path" to a file with a trailing NULL byte.

Successful exploitation requires privileges to the administration section.

Discovery 2006-09-12
Entry 2006-10-04
Modified 2006-12-24
phpbb
zh-phpbb-tw

< 2.0.22

20347
CVE-2006-4758
http://secunia.com/advisories/22188/
http://xforce.iss.net/xforce/xfdb/28884
http://www.security.nnov.ru/Odocument221.html