FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
8d04cfbd-344d-11e0-8669-0025222482c5  mediawiki -- multiple vulnerabilities

MediaWiki reports:

An arbitrary script inclusion vulnerability was discovered. The vulnerability only allows execution of files with names ending in ".php" which are already present in the local filesystem. Only servers running Microsoft Windows and possibly Novell Netware are affected. Despite these mitigating factors, all users are advised to upgrade, since there is a risk of complete server compromise. MediaWiki 1.8.0 and later is affected.

Security researcher mghack discovered a CSS injection vulnerability. For Internet Explorer and similar browsers, this is equivalent to an XSS vulnerability, that is to say, it allows the compromise of wiki user accounts. For other browsers, it allows private data such as IP addresses and browsing patterns to be sent to a malicious external web server. It affects all versions of MediaWiki. All users are advised to upgrade.


Discovery 2011-02-01
Entry 2011-02-09
mediawiki
< 1.16.2

CVE-2011-0047
https://bugzilla.wikimedia.org/show_bug.cgi?id=27094
https://bugzilla.wikimedia.org/show_bug.cgi?id=27093
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_2/phase3/RELEASE-NOTES
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-February/000095.html

e177c410-1943-11e0-9d1c-000c29ba66d2  mediawiki -- Clickjacking vulnerabilities

Clickjacking vulnerabilities:

Clickjacking is a type of vulnerability discovered in 2008, which is similar to CSRF. The attack involves displaying the target webpage in an iframe embedded in a malicious website. Using CSS, the submit button of the form on the target webpage is made invisible, and then overlaid with some button or link on the malicious website that encourages the user to click on it.


Discovery 2011-01-04
Entry 2011-01-06
mediawiki
gt 1.16 lt 1.16.1

gt 1.15 lt 1.15.5_1

https://bugzilla.wikimedia.org/show_bug.cgi?id=26561

3fadb7c6-7b0a-11e0-89b4-001ec9578670  mediawiki -- multiple vulnerabilities

MediaWiki reports:

(Bug 28534) XSS vulnerability for IE 6 clients. This is the third attempt at fixing bug 28235.

(Bug 28639) Potential privilege escalation when $wgBlockDisablesLogin is enabled.


Discovery 2011-04-14
Entry 2011-05-12
mediawiki
< 1.16.5

https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
https://bugzilla.wikimedia.org/show_bug.cgi?id=28639
http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-May/000098.html
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_16_5/phase3/RELEASE-NOTES

fc55e396-6deb-11df-8b8e-000c29ba66d2  mediawiki -- two security vulnerabilities

Two security vulnerabilities were discovered:

Noncompliant CSS parsing behaviour in Internet Explorer allows attackers to construct CSS strings which are treated as safe by previous versions of MediaWiki, but are decoded to unsafe strings by Internet Explorer.

A CSRF vulnerability was discovered in our login interface. Although regular logins are protected as of 1.15.3, it was discovered that the account creation and password reset features were not protected from CSRF. This could lead to unauthorised access to private wikis.


Discovery 2010-05-28
Entry 2010-06-02
mediawiki
< 1.15.4

http://secunia.com/advisories/39922/
http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html