Date:      Sat, 27 Apr 2013 20:58:01 +0000 (UTC)
From:      Nicola Vitale <nivit@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r316694 - head/security/vuxml
Message-ID:  <201304272058.r3RKw1al062175@svn.freebsd.org>

Author: nivit
Date: Sat Apr 27 20:58:01 2013
New Revision: 316694
URL: http://svnweb.freebsd.org/changeset/ports/316694

Log:
  - Document multiple XSS and DDoS vulnerabilities for Joomla!
  (2.5.0 <= version < 2.5.10)

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Apr 27 20:56:38 2013	(r316693)
+++ head/security/vuxml/vuln.xml	Sat Apr 27 20:58:01 2013	(r316694)
@@ -51,6 +51,68 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="57df803e-af34-11e2-8d62-6cf0490a8c18">
+    <topic>Joomla! -- XXS and DDoS vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>joomla</name>
+	<range><ge>2.0.*</ge><lt>2.5.10</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The JSST and the Joomla! Security Center report:</p>
+	<blockquote cite="http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html">;
+	  <h2>[20130405] - Core - XSS Vulnerability</h2>
+	  <p>Inadequate filtering leads to XSS vulnerability in Voting plugin.</p>
+	</blockquote>
+	<blockquote cite="http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html">;
+	  <h2>[20130403] - Core - XSS Vulnerability</h2>
+	  <p>Inadequate filtering allows possibility of XSS exploit in some
+	  circumstances.</p>
+	</blockquote>
+	<blockquote cite="http://developer.joomla.org/security/82-20130402-core-information-disclosure.html">;
+	  <h2>[20130402] - Core - Information Disclosure</h2>
+	  <p>Inadequate permission checking allows unauthorised user to see
+	  permission settings in some circumstances.</p>
+	</blockquote>
+	<blockquote cite="http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html">;
+	  <h2>[20130404] - Core - XSS Vulnerability</h2>
+	  <p>Use of old version of Flash-based file uploader leads to XSS
+	   vulnerability.</p>
+	</blockquote>
+	<blockquote cite="http://developer.joomla.org/security/84-20130401-core-privilege-escalation.html">;
+	  <h2>[20130401] - Core - Privilege Escalation</h2>
+	  <p>Inadequate permission checking allows unauthorised user to delete
+	  private messages.</p>
+	</blockquote>
+	<blockquote cite="http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html">;
+	  <h2>[20130406] - Core - DOS Vulnerability</h2>
+	  <p>Object unserialize method leads to possible denial of service
+	  vulnerability.</p>
+	</blockquote>
+	<blockquote cite="http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html">;
+	  <h2>[20130407] - Core - XSS Vulnerability</h2>
+	  <p>Inadequate filtering leads to XSS vulnerability in highlighter
+	  plugin</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2013-3059</cvename>
+      <cvename>CVE-2013-3058</cvename>
+      <cvename>CVE-2013-3057</cvename>
+      <url>http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html</url>;
+      <cvename>CVE-2013-3056</cvename>
+      <cvename>CVE-2013-3242</cvename>
+      <cvename>CVE-2013-3267</cvename>
+    </references>
+    <dates>
+      <discovery>2013-04-24</discovery>
+      <entry>2013-04-27</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="8c8fa44d-ad15-11e2-8cea-6805ca0b3d42">
     <topic>phpMyAdmin -- Multiple security vulnerabilities</topic>
     <affects>
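
Review bot: The lower bound in the new entry's range, `<ge>2.0.*</ge>`, does not match the commit log, which gives the affected versions as 2.5.0 <= version < 2.5.10; one of the two should be corrected so the range that gets matched against installed packages is the intended one. In the `<topic>`, "XXS" should read "XSS", and "XSS and DDoS" undersells the entry: the quoted advisories also cover an information disclosure and a privilege escalation, and the sixth is titled "DOS Vulnerability", not DDoS. In `<references>`, only one of the seven advisory URLs cited in the blockquotes is listed (83-20130404), and it sits between `<cvename>` elements; list all seven URLs, or none, and group them apart from the CVE names.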


