authordelphij <delphij@FreeBSD.org>2015-06-22 14:44:54 +0800
committerdelphij <delphij@FreeBSD.org>2015-06-22 14:44:54 +0800
commit8515985e703e6488c97405e08060e0af697cccd7 (patch)
tree6820b0b161bad20312df3a26661c423e03c239e3 /security
parent46526b34de5e5f34d0dc3617761aef065ef32a58 (diff)
Document multiple cacti vulnerabilities (affects < 0.8.8c) and
multiple XSS/SQL injection vulnerabilities (affects < 0.8.8d). PR: 200963 Submitted by: Jason Unovitch
Diffstat (limited to 'security')
-rw-r--r--security/vuxml/vuln.xml86
1 files changed, 86 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 01680356052d..e521b4c14ff4 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -57,6 +57,92 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a3929112-181b-11e5-a1cf-002590263bf5">
+ <topic>cacti -- Multiple XSS and SQL injection vulerabilities</topic>
+ <affects>
+ <package>
+ <name>cacti</name>
+ <range><lt>0.8.8d</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Cacti Group, Inc. reports:</p>
+ <blockquote cite="http://www.cacti.net/release_notes_0_8_8d.php">
+ <p>Important Security Fixes</p>
+ <ul>
+ <li>Multiple XSS and SQL injection vulerabilities</li>
+ </ul>
+ <p>Changelog</p>
+ <ul>
+ <li>bug: Fixed SQL injection VN: JVN#78187936 /
+ TN:JPCERT#98968540</li>
+ <li>bug#0002542: [FG-VD-15-017] Cacti Cross-Site Scripting
+ Vulnerability Notification</li>
+ <li>bug#0002571: SQL Injection and Location header injection from
+ cdef id CVE-2015-4342</li>
+ <li>bug#0002572: SQL injection in graph template</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2015-4342</cvename>
+ <freebsdpr>ports/200963</freebsdpr>
+ <url>http://www.cacti.net/release_notes_0_8_8d.php</url>
+ <mlist>http://seclists.org/fulldisclosure/2015/Jun/19</mlist>
+ </references>
+ <dates>
+ <discovery>2015-06-09</discovery>
+ <entry>2015-06-21</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="a0e74731-181b-11e5-a1cf-002590263bf5">
+ <topic>cacti -- multiple security vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>cacti</name>
+ <range><lt>0.8.8c</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Cacti Group, Inc. reports:</p>
+ <blockquote cite="http://www.cacti.net/release_notes_0_8_8c.php">
+ <p>Important Security Fixes</p>
+ <ul>
+ <li>CVE-2013-5588 - XSS issue via installer or device editing</li>
+ <li>CVE-2013-5589 - SQL injection vulnerability in device editing</li>
+ <li>CVE-2014-2326 - XSS issue via CDEF editing</li>
+ <li>CVE-2014-2327 - Cross-site request forgery (CSRF) vulnerability</li>
+ <li>CVE-2014-2328 - Remote Command Execution Vulnerability in graph export</li>
+ <li>CVE-2014-4002 - XSS issues in multiple files</li>
+ <li>CVE-2014-5025 - XSS issue via data source editing</li>
+ <li>CVE-2014-5026 - XSS issues in multiple files</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-5588</cvename>
+ <cvename>CVE-2013-5589</cvename>
+ <cvename>CVE-2014-2326</cvename>
+ <cvename>CVE-2014-2327</cvename>
+ <cvename>CVE-2014-2328</cvename>
+ <cvename>CVE-2014-4002</cvename>
+ <cvename>CVE-2014-5025</cvename>
+ <cvename>CVE-2014-5026</cvename>
+ <freebsdpr>ports/198586</freebsdpr>
+ <mlist>http://sourceforge.net/p/cacti/mailman/message/33072838/</mlist>
+ <url>http://www.cacti.net/release_notes_0_8_8c.php</url>
+ </references>
+ <dates>
+ <discovery>2014-11-23</discovery>
+ <entry>2015-06-21</entry>
+ </dates>
+ </vuln>
+
<vuln vid="968d1e74-1740-11e5-a643-40a8f0757fb4">
<topic>p5-Dancer -- possible to abuse session cookie values</topic>
<affects>