FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
These are the vulnerabilities relating to the commit you have selected:
|7289187b-66a5-11da-99f6-00123ffe8333||trac -- search module SQL injection vulnerability|
A vulnerability has been reported in Trac, which
can be exploited by malicious people to conduct SQL
Some unspecified input passed in the search module
isn't properly sanitised before being used in a SQL
query. This can be exploited to manipulate SQL
queries by injecting arbitrary SQL code.
|b02c1d80-e1bb-11d9-b875-0001020eed82||trac -- file upload/download vulnerability|
Stefan Esser reports:
Trac's wiki and ticket systems allow adding attachments
to wiki entries and bug tracker tickets. These attachments
are stored within directories that are determined by the
id of the corresponding ticket or wiki entry.
Due to a missing validation of the id parameter it is
possible for an attacker to supply arbitrary paths to the
upload and attachment viewer scripts. This means that a
potential attacker can retrieve any file accessible by the
Additionally it is possible to upload arbitrary files (up
to a configured file length) to any place the webserver
has write access to.
For obvious reasons this can lead to the execution of
arbitrary code if it is possible to upload files to the
document root or its subdirectories. One example of a
configuration would be f.e. running Trac and
s9y/wordpress with writeable content directories on the
Another potential usage of this exploit would be to abuse
Trac powered webservers as storage for f.e. torrent
|e546c7ce-ce46-11db-bc24-0016179b2dd5||trac -- cross site scripting vulnerability|
The vulnerability is caused due to an error within the
"download wiki page as text" function, which can be exploited
to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.
Successful exploitation may require that the victim uses IE.
|c89a3ebb-ae07-11dd-b4b2-001f3c8eabeb||trac -- potential DOS vulnerability|
Trac development team reports:
0.11.2 is a new stable maintenance release. It contains
several security fixes and everyone is recommended to
upgrade their installations.
Fixes potential DOS vulnerability with certain wiki markup.
|b0d61f73-0e11-11db-a47b-000c2957fdf1||trac -- reStructuredText breach of privacy and denial of service vulnerability|
The Trac 0.9.6 Release Notes report:
Fixed reStructuredText breach of privacy and denial of
service vulnerability found by Felix Wiemann.
The discovered vulnerability requires docutils to be
installed and enabled. Systems that do not have docutils
installed or enabled are not vulnerable. As of this
version, version 0.3.9 or greater of docutils is required
for using reStructuredText markup in Trac.
|400d9d22-d6c5-11da-a14b-00123ffe8333||trac -- Wiki Macro Script Insertion Vulnerability|
A vulnerability has been reported, which can be exploited by
malicious people to conduct script insertion attacks.
Input passed using the wiki macro isn't properly sanitised before
being used. This can be exploited to inject arbitrary HTML and
script code, which will be executed in a user's browser session in
context of an affected site when the malicious user data is