FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
694da5b4-5877-11df-8d80-0015587e2cc1    mediawiki -- authenticated CSRF vulnerability

A MediaWiki security announcement reports:

MediaWiki was found to be vulnerable to login CSRF. An attacker who controls a user account on the target wiki can force the victim to log in as the attacker, via a script on an external website.

If the wiki is configured to allow user scripts, say with "$wgAllowUserJs = true" in LocalSettings.php, then the attacker can proceed to mount a phishing-style attack against the victim to obtain their password.


Discovery 2010-04-07
Entry 2010-05-05
mediawiki
< 1.15.3

CVE-2010-1150
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-April/000090.html
https://bugzilla.wikimedia.org/show_bug.cgi?id=23076
fc55e396-6deb-11df-8b8e-000c29ba66d2    mediawiki -- two security vulnerabilities

Two security vulnerabilities were discovered:

Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer.

A CSRF vulnerability was discovered in our login interface. Although regular logins are protected as of 1.15.3, it was discovered that the account creation and password reset features were not protected from CSRF. This could lead to unauthorised access to private wikis.


Discovery 2010-05-28
Entry 2010-06-02
mediawiki
< 1.15.4

http://secunia.com/advisories/39922/
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
74b7403c-c4d5-11da-b2fb-000e0c2e438a    mediawiki -- cross site scripting vulnerability

The mediawiki development team reports that there is a cross site scripting vulnerability within mediawiki. The vulnerability is caused by improper checking of encoded links which could allow the injection of HTML in the output generated by mediawiki. This could lead to cross site scripting attacks against mediawiki installations.


Discovery 2006-03-27
Entry 2006-04-05
mediawiki
>= 1.4, < 1.4.14
>= 1.5, < 1.5.7

17269
CVE-2006-1498
http://mail.wikipedia.org/pipermail/mediawiki-announce/2006-March/000040.html
8d04cfbd-344d-11e0-8669-0025222482c5    mediawiki -- multiple vulnerabilities

Mediawiki reports:

An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite these mitigating factors, all users are advised to upgrade, since there is a risk of complete server compromise. MediaWiki 1.8.0 and later is affected.

Security researcher mghack discovered a CSS injection vulnerability. For Internet Explorer and similar browsers, this is equivalent to an XSS vulnerability, that is to say, it allows the compromise of wiki user accounts. For other browsers, it allows private data such as IP addresses and browsing patterns to be sent to a malicious external web server. It affects all versions of MediaWiki. All users are advised to upgrade.


Discovery 2011-02-01
Entry 2011-02-09
mediawiki
< 1.16.2

CVE-2011-0047
https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html
99015cf5-c4dd-11da-b2fb-000e0c2e438a    mediawiki -- hardcoded placeholder string security bypass vulnerability

The mediawiki development team reports a vulnerability within the mediawiki application. The vulnerability is caused by improper checking of inline style attributes. This could result in the execution of arbitrary javascript code in Microsoft Internet Explorer. It appears that other browsers are not affected by this vulnerability.


Discovery 2005-12-22
Entry 2006-04-05
mediawiki
< 1.5.4

16032
CAN-2005-4501
http://sourceforge.net/project/shownotes.php?release_id=379951
3fadb7c6-7b0a-11e0-89b4-001ec9578670    mediawiki -- multiple vulnerabilities

Mediawiki reports:

(Bug 28534) XSS vulnerability for IE 6 clients. This is the third attempt at fixing bug 28235.

(Bug 28639) Potential privilege escalation when $wgBlockDisablesLogin is enabled.


Discovery 2011-04-14
Entry 2011-05-12
mediawiki
< 1.16.5

https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES