FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-19 20:48:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c3aba586-ea77-11dd-9d1e-000bcdc1757a	openfire -- multiple vulnerabilities Core Security Technologies reports: Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code. Discovery 2009-01-08 Entry 2009-01-25 Modified 2010-05-02 openfire < 3.6.3 32935 32937 32938 32939 32940 32943 32944 32945 CVE-2009-0496 CVE-2009-0497 http://www.coresecurity.com/content/openfire-multiple-vulnerabilities
e3e30d99-58a8-4a3f-8059-a8b7cd59b881	openfire -- Openfire No Password Changes Security Bypass Secunia reports: A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server. Discovery 2009-05-04 Entry 2009-05-04 Modified 2010-05-02 openfire < 3.6.4 CVE-2009-1596 http://secunia.com/advisories/34984/ http://www.igniterealtime.org/issues/browse/JM-1532 http://www.igniterealtime.org/community/message/190288#190288

VuXML ID

Description

c3aba586-ea77-11dd-9d1e-000bcdc1757a

openfire -- multiple vulnerabilities

Core Security Technologies reports:

Multiple cross-site scripting vulnerabilities have been found which may lead to arbitrary remote code execution on the server running the application due to unauthorized upload of Java plugin code.

Discovery 2009-01-08
Entry 2009-01-25
Modified 2010-05-02
openfire

< 3.6.3

32935
32937
32938
32939
32940
32943
32944
32945
CVE-2009-0496
CVE-2009-0497
http://www.coresecurity.com/content/openfire-multiple-vulnerabilities

e3e30d99-58a8-4a3f-8059-a8b7cd59b881

openfire -- Openfire No Password Changes Security Bypass

Secunia reports:

A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server.

Discovery 2009-05-04
Entry 2009-05-04
Modified 2010-05-02
openfire

< 3.6.4

CVE-2009-1596
http://secunia.com/advisories/34984/
http://www.igniterealtime.org/issues/browse/JM-1532
http://www.igniterealtime.org/community/message/190288#190288