FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7e580822-8cd8-11d9-8c81-000a95bc6faepostnuke -- cross-site scripting (XSS) vulnerabilities

A cross-site scripting vulnerability is present in the PostNuke PHP content management system. By passing data injected through exploitable errors in input validation, an attacker can insert code which will run on the machine of anybody viewing the page. It is feasible that this attack could be used to retrieve session information from cookies, thereby allowing the attacker to gain administrative access to the CMS.


Discovery 2005-02-28
Entry 2005-03-04
postnuke
< 0.760

CVE-2005-0616
http://marc.theaimsgroup.com/?l=bugtraq&m=110962768300373
http://news.postnuke.com/Article2669.html
f3eec2b5-8cd8-11d9-8066-000a95bc6faepostnuke -- SQL injection vulnerabilities

Two separate SQL injection vulnerabilities have been identified in the PostNuke PHP content management system. An attacker can use this vulnerability to potentially insert executable PHP code into the content management system (to view all files within the PHP scope, for instance). Various other SQL injection vulnerabilities exist, which give attackers the ability to run SQL queries on any tables within the database.


Discovery 2005-02-28
Entry 2005-03-04
postnuke
< 0.760

CVE-2005-0617
CVE-2005-0615
http://marc.theaimsgroup.com/?l=bugtraq&m=110962710805864
http://marc.theaimsgroup.com/?l=bugtraq&m=110962819232255
http://news.postnuke.com/Article2669.html
35f2679f-52d7-11db-8f1a-000a48049292postnuke -- admin section SQL injection

ISS X-Force reports:

PostNuke is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the admin section using the hits parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.


Discovery 2006-09-29
Entry 2006-10-03
Modified 2007-11-17
postnuke
< 0.763

20317
CVE-2006-5121
http://xforce.iss.net/xforce/xfdb/29271
http://www.securityfocus.com/archive/1/archive/1/447361/100/0/threaded
http://secunia.com/advisories/22197/
0274a9f1-0759-11da-bc08-0001020eed82postnuke -- multiple vulnerabilities

Postnuke Security Announcementss reports of the following vulnerabilities:

  • missing input validation within /modules/Messages/readpmsg.php
  • possible path disclosure within /user.php
  • possible path disclosure within /modules/News/article.php
  • possible remote code injection within /includes/pnMod.php
  • possible cross-site-scripting in /index.php
  • remote code injection via xml rpc library

Discovery 2005-05-27
Entry 2005-08-08
postnuke
< 0.760

CVE-2005-1621
CVE-2005-1695
CVE-2005-1696
CVE-2005-1698
CVE-2005-1777
CVE-2005-1778
CVE-2005-1921
http://marc.theaimsgroup.com/?l=bugtraq&m=111721364707520
http://secunia.com/advisories/15450/
http://news.postnuke.com/Article2691.html
http://news.postnuke.com/Article2699.html