FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  527060
Date:      2020-02-25
Time:      03:07:17Z
Committer: fluffy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f69e1f09-e39b-11e5-9f77-5453ed2e2b49websvn -- information disclosure

Thijs Kinkhorst reports:

James Clawson reported:

"Arbitrary files with a known path can be accessed in websvn by committing a symlink to a repository and then downloading the file (using the download link).

An attacker must have write access to the repo, and the download option must have been enabled in the websvn config file."

Discovery 2015-01-18
Entry 2016-03-06
lt 2.3.3_1

12d1b5a6-e39d-11e5-9f77-5453ed2e2b49websvn -- reflected cross-site scripting

Sebastien Delafond reports:

Jakub Palaczynski discovered that websvn, a web viewer for Subversion repositories, does not correctly sanitize user-supplied input, which allows a remote user to run reflected cross-site scripting attacks.

Discovery 2016-02-22
Entry 2016-03-06
lt 2.3.3_1