FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3145faf1-974c-11e0-869e-000c29249b2eikiwiki -- tty hijacking via ikiwiki-mass-rebuild

The IkiWiki development team reports:

Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks.


Discovery 2011-06-08
Entry 2011-06-15
ikiwiki
< 3.20110608

CVE-2011-1408
http://ikiwiki.info/security/#index40h2
7b35a77a-0151-11e7-ae1b-002590263bf5ikiwiki -- authentication bypass vulnerability

ikiwiki reports:

The ikiwiki maintainers discovered further flaws similar to CVE-2016-9646 in the passwordauth plugin's use of CGI::FormBuilder, with a more serious impact:

An attacker who can log in to a site with a password can log in as a different and potentially more privileged user.

An attacker who can create a new account can set arbitrary fields in the user database for that account


Discovery 2017-01-11
Entry 2017-03-05
ikiwiki
< 3.20170111

CVE-2017-0356
https://ikiwiki.info/security/#index48h2
5ed094a0-0150-11e7-ae1b-002590263bf5ikiwiki -- multiple vulnerabilities

Mitre reports:

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

When CGI::FormBuilder->field("foo") is called in list context (and in particular in the arguments to a subroutine that takes named arguments), it can return zero or more values for foo from the CGI request, rather than the expected single value. This breaks the usual Perl parsing convention for named arguments, similar to CVE-2014-1572 in Bugzilla (which was caused by a similar API design issue in CGI.pm).


Discovery 2016-12-19
Entry 2017-03-05
ikiwiki
< 3.20161229

CVE-2016-10026
CVE-2016-9645
CVE-2016-9646
https://ikiwiki.info/security/#index46h2
https://ikiwiki.info/security/#index47h2
0297b260-2b3b-11e6-ae88-002590263bf5ikiwiki -- XSS vulnerability

Mitre reports:

Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.


Discovery 2016-05-04
Entry 2016-06-05
ikiwiki
< 3.20160509

CVE-2016-4561
ports/209593