author | miwi <miwi@FreeBSD.org> | 2007-08-03 02:50:06 +0800 |
---|---|---|
committer | miwi <miwi@FreeBSD.org> | 2007-08-03 02:50:06 +0800 |
commit | 58a8acaac5eacfe53a0f3bb451272f1bc5f5f5e1 (patch) | |
tree | 10ae9dfe011496e4b7f747348db501d1f609f576 /security/vuxml | |
parent | 86066d92d93e5df4663afcf9202862cd235c231d (diff) | |
Document joomla -- multiple vulnerabilities
Approved by: simon/remko
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c02f4b78db28..e3c028ed2fa3 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,46 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="4872d9a7-4128-11dc-bdb0-0016179b2dd5"> + <topic>joomla -- multiple vulnerabilities</topic> + <affects> + <package> + <name>joomla</name> + <range><lt>1.0.13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A Secunia Advisory reports:</p> + <p>joomla can be exploited to conduct session fixation + attacks, cross-site scripting attacks or HTTP response + splitting attacks.</p> + <p>Certain unspecified input passed in com_search, com_content and + mod_login is not properly sanitised before being returned to a + user. This can be exploited to execute arbitrary HTML and script + code in a user's browser session in context of an affected + site.</p> + <p>Input passed to the url parameter is not properly sanitised + before being returned to the user. This can be exploited to insert + arbitrary HTTP headers, which will be included in a response sent + to the user, allowing for execution of arbitrary HTML and script + code in a user's browser session in context of an affected + site.</p> + <p>An error exists in the handling of sessions and can be exploited + to hijack another user's session by tricking the user into logging + in after following a specially crafted link.</p> + </body> + </description> + <references> + <url>http://www.joomla.org/content/view/3677/1/</url> + <url>http://secunia.com/advisories/26239/</url> + </references> + <dates> + <discovery>2007-07-30</discovery> + <entry>2007-08-02</entry> + </dates> + </vuln> + <vuln vid="2dc764fa-40c0-11dc-aeac-02e0185f8d72"> <topic>FreeBSD -- Buffer overflow in tcpdump(1)</topic> <affects> |
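Review bot: In the description body of the new joomla entry, the text introduced by "A Secunia Advisory reports:" sits in bare p elements, so nothing marks where the quotation begins and ends or which source it is taken from. Wrap the quoted paragraphs in a blockquote element carrying cite="http://secunia.com/advisories/26239/", which matches the URL already listed under references. The references block lists only the two url entries; if CVE names have been assigned to the session fixation, cross-site scripting and HTTP response splitting issues, add them as cvename elements so the entry can be matched by identifier as well as by package name and version range.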