FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
3c957a3e-2978-11e1-89b4-001ec9578670    typo3 -- Remote Code Execution

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Discovery 2011-12-16
Entry 2011-12-18
typo3
ge 4.6 lt 4.6.2

< 4.5.9

CVE-2011-4614
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
3caf4e6c-4cef-11e6-a15f-00248c0c745d    typo3 -- Missing access check in Extbase

TYPO3 reports:

Extbase request handling fails to implement a proper access check for requested controller/action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.


Discovery 2016-05-24
Entry 2016-07-18
typo3
< 7.6.8

typo3-lts
< 6.2.24

CVE-2016-5091
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
https://wiki.typo3.org/TYPO3_CMS_7.6.8
https://wiki.typo3.org/TYPO3_CMS_6.2.24
67516177-88ec-11e1-9a10-0023ae8e59f0    typo -- Cross-Site Scripting

Typo Security Team reports:

Failing to properly encode the output, the default TYPO3 Exception Handler is susceptible to Cross-Site Scripting. We are not aware of a possibility to exploit this vulnerability without third party extensions being installed that put user input in exception messages. However, it has come to our attention that extensions using the extbase MVC framework can be used to exploit this vulnerability if these extensions accept objects in controller actions.


Discovery 2012-04-17
Entry 2012-04-18
typo3
ge 4.6.0 le 4.6.7

ge 4.5.0 le 4.5.14

ge 4.4.0 le 4.4.14

CVE-2012-2112
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
a0d77bc8-c6a7-11e5-96d6-14dae9d210b8    typo3 -- multiple vulnerabilities

TYPO3 Security Team reports:

It has been discovered that TYPO3 CMS is susceptible to Cross-Site Scripting and Cross-Site Flashing.


Discovery 2015-12-15
Entry 2016-01-29
typo3
< 7.6.1

typo3-lts
< 6.2.16

http://lists.typo3.org/pipermail/typo3-announce/2015/000351.html
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-010/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-014/
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-015/