FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-08-01 09:57:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3d8d3548-9d02-11db-a541-000ae42e9b93	drupal -- multiple vulnerabilities The Drupal security team reports: A few arguments passed via URLs are not properly sanitized before display. When an attacker is able to entice an administrator to follow a specially crafted link, arbitrary HTML and script code can be injected and executed in the victim's session. Such an attack may lead to administrator access if certain conditions are met. The way page caching was implemented allows a denial of service attack. An attacker has to have the ability to post content on the site. He or she would then be able to poison the page cache, so that it returns cached 404 page not found errors for existing pages. If the page cache is not enabled, your site is not vulnerable. The vulnerability only affects sites running on top of MySQL. Discovery 2007-01-05 Entry 2007-01-05 Modified 2010-05-12 drupal > 4.7 lt 4.7.5 < 4.6.11 CVE-2007-0136 http://drupal.org/files/sa-2007-001/advisory.txt http://drupal.org/files/sa-2007-002/advisory.txt

VuXML ID

Description

3d8d3548-9d02-11db-a541-000ae42e9b93

drupal -- multiple vulnerabilities

The Drupal security team reports:

A few arguments passed via URLs are not properly sanitized before display. When an attacker is able to entice an administrator to follow a specially crafted link, arbitrary HTML and script code can be injected and executed in the victim's session. Such an attack may lead to administrator access if certain conditions are met.

The way page caching was implemented allows a denial of service attack. An attacker has to have the ability to post content on the site. He or she would then be able to poison the page cache, so that it returns cached 404 page not found errors for existing pages.

If the page cache is not enabled, your site is not vulnerable. The vulnerability only affects sites running on top of MySQL.

Discovery 2007-01-05
Entry 2007-01-05
Modified 2010-05-12
drupal

> 4.7 lt 4.7.5

< 4.6.11

CVE-2007-0136
http://drupal.org/files/sa-2007-001/advisory.txt
http://drupal.org/files/sa-2007-002/advisory.txt