FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
7580f00e-280c-11e0-b7c8-00215c6a37bb  dokuwiki -- multiple privilege escalation vulnerabilities

Dokuwiki reports:

This security update fixes problems in the XMLRPC interface where ACLs were not checked correctly sometimes, making it possible to access and write information that should not have been accessible/writable. This only affects users who have enabled the XMLRPC interface (default is off) and have enabled XMLRPC access for users who can't access/write all content anyway (default is nobody, see http://www.dokuwiki.org/config:xmlrpcuser for details).

This update also includes a fix for a problem in the general ACL checking function that could be exploited to gain access to restricted pages and media files in rare conditions (when you had rights for an id you could get the same rights on ids where one character has been replaced by a ".").


Discovery 2011-01-16
Entry 2011-01-24
dokuwiki < 20101107a

http://bugs.dokuwiki.org/index.php?do=details&task_id=2136
2fe4b57f-d110-11e1-ac76-10bf48230856  Dokuwiki -- cross site scripting vulnerability

Secunia Research reports:

Secunia Research has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "ns" POST parameter in lib/exe/ajax.php (when "call" is set to "medialist" and "do" is set to "media") is not properly sanitised within the "tpl_mediaFileList()" function in inc/template.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.


Discovery 2012-07-13
Entry 2012-07-18
dokuwiki < 20120125_2

http://secunia.com/advisories/49196/
CVE-2012-0283
0b535cd0-9b90-11e0-800a-00215c6a37bb  Dokuwiki -- cross site scripting vulnerability

Dokuwiki reports:

We just released a Hotfix Release "2011-05-25a Rincewind". It contains the following changes:

Security fix for a Cross Site Scripting vulnerability. Malicious users could abuse DokuWiki's RSS embedding mechanism to create links containing arbitrary JavaScript. Note: this security problem is present in at least Anteater and Rincewind but probably in older releases as well.


Discovery 2011-06-14
Entry 2011-06-20
dokuwiki < 20110525a

http://www.freelists.org/post/dokuwiki/Hotfix-Release-20110525a-Rincewind
848539dc-0458-11df-8dd7-002170daae37  dokuwiki -- multiple vulnerabilities

Dokuwiki reports:

The plugin does no checks against cross-site request forgeries (CSRF) which can be exploited to e.g. change the access control rules by tricking a logged in administrator into visiting a malicious web site.

The bug allows listing the names of arbitrary files on the webserver - not their contents. This could leak private information about wiki pages and server structure.


Discovery 2010-01-17
Entry 2010-01-18
Modified 2010-05-02
dokuwiki < 20091225_2

CVE-2010-0288
CVE-2010-0287
CVE-2010-0289
http://bugs.splitbrain.org/index.php?do=details&task_id=1847
http://bugs.splitbrain.org/index.php?do=details&task_id=1853
4f838b74-50a1-11de-b01f-001c2514716c  dokuwiki -- Local File Inclusion with register_globals on

DokuWiki reports:

A security hole was discovered which allows an attacker to include arbitrary files located on the attacked DokuWiki installation. The included file is executed in the PHP context. This can be escalated by introducing malicious code through uploading a file via the media manager or placing PHP code in editable pages.


Discovery 2009-05-26
Entry 2009-06-04
Modified 2010-05-02
dokuwiki < 20090214_2
dokuwiki-devel > 0

CVE-2009-1960
http://bugs.splitbrain.org/index.php?do=details&task_id=1700
a04247f1-8d9c-11e1-93c7-00215c6a37bb  Dokuwiki -- cross site scripting vulnerability

Andy Webber reports:

Add User appears to be vulnerable to Cross Site Request Forgery (CSRF/XSRF).


Discovery 2012-04-17
Entry 2012-04-23
dokuwiki < 20120125_1

CVE-2012-2128
CVE-2012-2129