FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b4f0ad36-94a5-11e8-9007-080027ac955c	mailman -- content spoofing with invalid list names in web UI Mark Sapiro reports: A URL with a very long text listname such as http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. This issue was discovered by Hammad Qureshi. Discovery 2018-07-09 Entry 2018-07-31 mailman < 2.1.28 mailman-with-htdig < 2.1.28 ja-mailman < 2.1.14.j7_6,1 https://bugs.launchpad.net/mailman/+bug/1780874 https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html CVE-2018-13796

VuXML ID

Description

b4f0ad36-94a5-11e8-9007-080027ac955c

mailman -- content spoofing with invalid list names in web UI

Mark Sapiro reports:

A URL with a very long text listname such as
http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text
will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.

This issue was discovered by Hammad Qureshi.

Discovery 2018-07-09
Entry 2018-07-31
mailman

< 2.1.28

mailman-with-htdig

< 2.1.28

ja-mailman

< 2.1.14.j7_6,1

https://bugs.launchpad.net/mailman/+bug/1780874
https://mail.python.org/pipermail/mailman-announce/2018-July/000241.html
CVE-2018-13796