FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3fadb7c6-7b0a-11e0-89b4-001ec9578670	mediawiki -- multiple vulnerabilities Mediawiki reports: (Bug 28534) XSS vulnerability for IE 6 clients. This is the third attempt at fixing bug 28235. (Bug 28639) Potential privilege escalation when $wgBlockDisablesLogin is enabled. Discovery 2011-04-14 Entry 2011-05-12 mediawiki < 1.16.5 https://bugzilla.wikimedia.org/show_bug.cgi?id=28534 https://bugzilla.wikimedia.org/show_bug.cgi?id=28639 http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES
e177c410-1943-11e0-9d1c-000c29ba66d2	mediawiki -- Clickjacking vulnerabilities Clickjacking vulnerabilities: Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in a iframe embedded in a malicious website. Using CSS, the submit button of the form on the targeit webpage is made invisible, and then overlaid with some button or link on the malicious website that encourages the user to click on it. Discovery 2011-01-04 Entry 2011-01-06 mediawiki gt 1.16 lt 1.16.1 gt 1.15 lt 1.15.5_1 https://bugzilla.wikimedia.org/show_bug.cgi?id=26561
8d04cfbd-344d-11e0-8669-0025222482c5	mediawiki -- multiple vulnerabilities Medawiki reports: An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite these mitigating factors, all users are advised to upgrade, since there is a risk of complete server compromise. MediaWiki 1.8.0 and later is affected. Security researcher mghack discovered a CSS injection vulnerability. For Internet Explorer and similar browsers, this is equivalent to an XSS vulnerability, that is to say, it allows the compromise of wiki user accounts. For other browsers, it allows private data such as IP addresses and browsing patterns to be sent to a malicious external web server. It affects all versions of MediaWiki. All users are advised to upgrade. Discovery 2011-02-01 Entry 2011-02-09 mediawiki < 1.16.2 CVE-2011-0047 https://bugzilla.wikimedia.org/show_bug.cgi?id=27094 https://bugzilla.wikimedia.org/show_bug.cgi?id=27093 http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html

VuXML ID

Description

3fadb7c6-7b0a-11e0-89b4-001ec9578670

mediawiki -- multiple vulnerabilities

Mediawiki reports:

(Bug 28534) XSS vulnerability for IE 6 clients. This is the third attempt at fixing bug 28235.

(Bug 28639) Potential privilege escalation when $wgBlockDisablesLogin is enabled.

Discovery 2011-04-14
Entry 2011-05-12
mediawiki

< 1.16.5

https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES

e177c410-1943-11e0-9d1c-000c29ba66d2

mediawiki -- Clickjacking vulnerabilities

Clickjacking vulnerabilities:

Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in a iframe embedded in a malicious website. Using CSS, the submit button of the form on the targeit webpage is made invisible, and then overlaid with some button or link on the malicious website that encourages the user to click on it.

Discovery 2011-01-04
Entry 2011-01-06
mediawiki

gt 1.16 lt 1.16.1

gt 1.15 lt 1.15.5_1

https://bugzilla.wikimedia.org/show_bug.cgi?id=26561

8d04cfbd-344d-11e0-8669-0025222482c5

mediawiki -- multiple vulnerabilities

Medawiki reports:

An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite these mitigating factors, all users are advised to upgrade, since there is a risk of complete server compromise. MediaWiki 1.8.0 and later is affected.

Security researcher mghack discovered a CSS injection vulnerability. For Internet Explorer and similar browsers, this is equivalent to an XSS vulnerability, that is to say, it allows the compromise of wiki user accounts. For other browsers, it allows private data such as IP addresses and browsing patterns to be sent to a malicious external web server. It affects all versions of MediaWiki. All users are advised to upgrade.

Discovery 2011-02-01
Entry 2011-02-09
mediawiki

< 1.16.2

CVE-2011-0047
https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html