From 8b02d294d0a305de962913d6213ad886ff485d5b Mon Sep 17 00:00:00 2001 From: simon Date: Thu, 29 Sep 2005 19:31:12 +0000 Subject: - Add a note that new entries, per convention, should be added to the start of this file. For latest phpmyfaq entry: - Use port directory name as first part of topic. - No need to include information about affected releases in topic (it's somewhat redundant and makes the title longer). - Reindent body with standard FreeBSD Doc Project (more or less) style. --- security/vuxml/vuln.xml | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'security') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3216a4855ac6..48e294d427fc 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -30,6 +30,8 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. $FreeBSD$ +Note: Please add new entries to the beginning of this file. + --> @@ -21508,7 +21510,8 @@ misc.c: - phpMyFAQ -- SQL injection, takeover, path disclosure, remote code execution in phpMyFAQ 1.5.x + phpmyfaq -- SQL injection, takeover, path disclosure, + remote code execution phpmyfaq @@ -21517,10 +21520,12 @@ misc.c: -

If magic quotes are off there's a SQL injection when sending a forgotten password. - It's possible to overwrite the admin password and to take over the whole system. - In some files in the admin section there are some cross site scripting vulnerabilities. - In the public frontend it's possible to include arbitrary php files.

+

If magic quotes are off there's a SQL injection when + sending a forgotten password. It's possible to overwrite + the admin password and to take over the whole system. In + some files in the admin section there are some cross site + scripting vulnerabilities. In the public frontend it's + possible to include arbitrary php files.

@@ -21532,3 +21537,4 @@ misc.c:
+ -- cgit
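Review bot: in the @@ -30,6 +30,8 @@ hunk, the new "Note: Please add new entries to the beginning of this file." line sits at the very end of the license comment, after the $FreeBSD$ tag and just before the closing "-->", where a committer skimming past the license text is likely to miss it. "The beginning of this file" is also, read literally, the license header itself. Consider wording it as "add new entries before the first existing entry" and putting the note in its own comment directly above that entry.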
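Review bot: in the @@ -21508,7 +21510,8 @@ hunk, the rewritten topic still does not match the entry body. The description in the following hunk mentions cross site scripting in the admin section and inclusion of arbitrary php files, while the topic lists "path disclosure", which the description never mentions, and leaves out cross site scripting. Since the topic line is being edited anyway, align its issue list with the description. Dropping "in phpMyFAQ 1.5.x" is fine as long as the entry's affected-version data carries that information; that part of the entry is not visible in this hunk's context, so please confirm.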
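Review bot: in the @@ -21517,10 +21520,12 @@ hunk, the reflowed description keeps four separate issues (SQL injection when sending a forgotten password, admin password overwrite, cross site scripting in the admin section, arbitrary php file inclusion in the public frontend) in a single paragraph. While reindenting, consider breaking them into separate paragraphs or a list so each issue can be matched to a reference and to the topic line. It would also be easier to review if this whitespace-only reflow were committed separately from the topic change, so the wording can be confirmed as unchanged.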