FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
698403a7-803d-11e5-ab94-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an XSS attack vector in Security Library method xss_clean().

Changed Config Library method base_url() to fallback to ``$_SERVER['SERVER_ADDR']`` in order to avoid Host header injections.

Changed CAPTCHA Helper to try to use the operating system's PRNG first.


Discovery 2015-10-31
Entry 2015-11-01
codeigniter
< 2.2.6

ports/203403
https://codeigniter.com/userguide2/changelog.html
71ebbc50-01c1-11e7-ae1b-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an XSS vulnerability in Security Library method xss_clean().

Fixed a possible file inclusion vulnerability in Loader Library method vars().

Fixed a possible remote code execution vulnerability in the Email Library when ‘mail’ or ‘sendmail’ are used (thanks to Paul Buonopane from NamePros).

Added protection against timing side-channel attacks in Security Library method csrf_verify().

Added protection against BREACH attacks targeting the CSRF token field generated by Form Helper function form_open().


Discovery 2017-01-09
Entry 2017-03-05
codeigniter
< 3.1.3

https://www.codeigniter.com/user_guide/changelog.html
f838dcb4-656f-11e5-9909-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Security: The xor_encode() method in the Encrypt Class has been removed. The Encrypt Class now requires the Mcrypt extension to be installed.

Security: The Session Library now uses HMAC authentication instead of a simple MD5 checksum.


Discovery 2014-06-05
Entry 2015-09-28
codeigniter
< 2.2.0

ports/203401
https://codeigniter.com/userguide2/changelog.html
496160d3-d3be-11e6-ae1b-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed a number of new vulnerabilities in Security Library method xss_clean().


Discovery 2016-10-28
Entry 2017-01-06
codeigniter
< 3.1.2

https://www.codeigniter.com/user_guide/changelog.html
01bce4c6-6571-11e5-9909-002590263bf5codeigniter -- mysql database driver vulnerability

The CodeIgniter changelog reports:

Security: Removed a fallback to mysql_escape_string() in the mysql database driver (escape_str() method) when there's no active database connection.


Discovery 2015-07-15
Entry 2015-09-28
codeigniter
< 2.2.3

ports/203401
https://codeigniter.com/userguide2/changelog.html
ef3423e4-d056-11e7-a52c-002590263bf5codeigniter -- input validation bypass

The CodeIgniter changelog reports:

Security: Fixed a potential object injection in Cache Library 'apc' driver when save() is used with $raw = TRUE.


Discovery 2017-09-25
Entry 2017-11-23
codeigniter
< 3.1.6

https://www.codeigniter.com/user_guide/changelog.html
5114cd11-6571-11e5-9909-002590263bf5codeigniter -- SQL injection vulnerability

The CodeIgniter changelog reports:

Security: Fixed an SQL injection vulnerability in Active Record method offset().


Discovery 2015-08-20
Entry 2015-09-28
codeigniter
< 2.2.4

ports/203401
https://codeigniter.com/userguide2/changelog.html
95602550-76cf-11e5-a2a1-002590263bf5codeigniter -- multiple XSS vulnerabilities

The CodeIgniter changelog reports:

Fixed a number of XSS attack vectors in Security Library method xss_clean (thanks to Frans Rosén from Detectify.


Discovery 2015-10-08
Entry 2015-10-20
codeigniter
< 2.2.5

ports/203403
https://codeigniter.com/userguide2/changelog.html
c21f4e61-6570-11e5-9909-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Security: Added HTTP "Host" header character validation to prevent cache poisoning attacks when base_url auto-detection is used.

Security: Added FSCommand and seekSegmentTime to the "evil attributes" list in CI_Security::xss_clean().


Discovery 2015-04-15
Entry 2015-09-28
codeigniter
< 2.2.2

ports/203401
https://codeigniter.com/userguide2/changelog.html
aaedf196-6436-11e7-8b49-002590263bf5codeigniter -- input validation bypass

The CodeIgniter changelog reports:

Form Validation Library rule valid_email could be bypassed if idn_to_ascii() is available.


Discovery 2017-06-19
Entry 2017-07-08
codeigniter
< 3.1.5

https://www.codeigniter.com/user_guide/changelog.html
5e439ee7-d3bd-11e6-ae1b-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed an SQL injection in the ‘odbc’ database driver.

Updated set_realpath() Path Helper function to filter-out php:// wrapper inputs.


Discovery 2016-07-26
Entry 2017-01-06
codeigniter
< 3.1.0

https://www.codeigniter.com/user_guide/changelog.html
df0144fb-295e-11e7-970f-002590263bf5codeigniter -- multiple vulnerabilities

The CodeIgniter changelog reports:

Fixed a header injection vulnerability in common function set_status_header() under Apache (thanks to Guillermo Caminer from Flowgate).

Fixed byte-safety issues in Encrypt Library (DEPRECATED) when mbstring.func_overload is enabled.

Fixed byte-safety issues in Encryption Library when mbstring.func_overload is enabled.

Fixed byte-safety issues in compatibility functions password_hash(), hash_pbkdf2() when mbstring.func_overload is enabled.

Updated Encrypt Library (DEPRECATED) to call mcrypt_create_iv() with MCRYPT_DEV_URANDOM.


Discovery 2017-03-23
Entry 2017-04-25
codeigniter
< 3.1.4

https://www.codeigniter.com/user_guide/changelog.html