author | nivit <nivit@FreeBSD.org> | 2013-04-28 04:58:01 +0800 |
---|---|---|
committer | nivit <nivit@FreeBSD.org> | 2013-04-28 04:58:01 +0800 |
commit | 5441c7fbcce01b7c3667e021d36563cdde036ae0 (patch) | |
tree | 730a3fee6baadcb67aa23fc25673d9c4ea2aa229 /security | |
parent | c6d266a5cd29bcf9bfb144e186232484e32b6c76 (diff) | |
download | freebsd-ports-gnome-5441c7fbcce01b7c3667e021d36563cdde036ae0.tar.gz freebsd-ports-gnome-5441c7fbcce01b7c3667e021d36563cdde036ae0.tar.zst freebsd-ports-gnome-5441c7fbcce01b7c3667e021d36563cdde036ae0.zip |
- Document multiple XSS and DDoS vulnerabilities for Joomla!
(2.5.0 <= version < 2.5.10)
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 1742f0e7dfd0..83a05059d8f1 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -51,6 +51,68 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="57df803e-af34-11e2-8d62-6cf0490a8c18"> + <topic>Joomla! -- XXS and DDoS vulnerabilities</topic> + <affects> + <package> + <name>joomla</name> + <range><ge>2.0.*</ge><lt>2.5.10</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The JSST and the Joomla! Security Center report:</p> + <blockquote cite="http://developer.joomla.org/security/80-20130405-core-xss-vulnerability.html"> + <h2>[20130405] - Core - XSS Vulnerability</h2> + <p>Inadequate filtering leads to XSS vulnerability in Voting plugin.</p> + </blockquote> + <blockquote cite="http://developer.joomla.org/security/81-20130403-core-xss-vulnerability.html"> + <h2>[20130403] - Core - XSS Vulnerability</h2> + <p>Inadequate filtering allows possibility of XSS exploit in some + circumstances.</p> + </blockquote> + <blockquote cite="http://developer.joomla.org/security/82-20130402-core-information-disclosure.html"> + <h2>[20130402] - Core - Information Disclosure</h2> + <p>Inadequate permission checking allows unauthorised user to see + permission settings in some circumstances.</p> + </blockquote> + <blockquote cite="http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html"> + <h2>[20130404] - Core - XSS Vulnerability</h2> + <p>Use of old version of Flash-based file uploader leads to XSS + vulnerability.</p> + </blockquote> + <blockquote cite="http://developer.joomla.org/security/84-20130401-core-privilege-escalation.html"> + <h2>[20130401] - Core - Privilege Escalation</h2> + <p>Inadequate permission checking allows unauthorised user to delete + private messages.</p> + </blockquote> + <blockquote cite="http://developer.joomla.org/security/85-20130406-core-dos-vulnerability.html"> + <h2>[20130406] - Core - DOS Vulnerability</h2> + <p>Object unserialize method leads to possible denial of service + 
vulnerability.</p> + </blockquote> + <blockquote cite="http://developer.joomla.org/security/86-20130407-core-xss-vulnerability.html"> + <h2>[20130407] - Core - XSS Vulnerability</h2> + <p>Inadequate filtering leads to XSS vulnerability in highlighter + plugin</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-3059</cvename> + <cvename>CVE-2013-3058</cvename> + <cvename>CVE-2013-3057</cvename> + <url>http://developer.joomla.org/security/83-20130404-core-xss-vulnerability.html</url> + <cvename>CVE-2013-3056</cvename> + <cvename>CVE-2013-3242</cvename> + <cvename>CVE-2013-3267</cvename> + </references> + <dates> + <discovery>2013-04-24</discovery> + <entry>2013-04-27</entry> + </dates> + </vuln> + <vuln vid="8c8fa44d-ad15-11e2-8cea-6805ca0b3d42"> <topic>phpMyAdmin -- Multiple security vulnerabilities</topic> <affects> |
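Review bot: The lower bound in `<range><ge>2.0.*</ge><lt>2.5.10</lt></range>` does not match the commit message, which gives the affected versions as 2.5.0 <= version < 2.5.10. If 2.5.0 is the intended floor, use `<ge>2.5.0</ge>`; otherwise correct the commit message. In `<topic>`, "XXS" should read "XSS", and "DDoS" does not match the quoted advisory, which is titled "DOS Vulnerability" and describes a denial of service through object unserialize, not a distributed one. The topic also leaves out the information disclosure and privilege escalation advisories quoted in the body, so something like "Joomla! -- multiple vulnerabilities" would describe the entry more accurately. In `<references>`, only one of the seven advisory URLs cited in the blockquotes is listed as a `<url>`, and it sits between the `<cvename>` entries; list all seven and group them after the CVE names.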