diff options
| author | delphij <delphij@FreeBSD.org> | 2008-04-26 03:03:04 +0800 |
|---|---|---|
| committer | delphij <delphij@FreeBSD.org> | 2008-04-26 03:03:04 +0800 |
| commit | 4304aa0f8e2a5efffc0ca9184ecdf3b490df6cf8 (patch) | |
| tree | 79ed776524ac7acbe11d31100109a6b005b26741 /security/vuxml | |
| parent | 0f6ff0ab5960b176746fa659503be7f0ff6c425d (diff) | |
| download | freebsd-ports-graphics-4304aa0f8e2a5efffc0ca9184ecdf3b490df6cf8.tar.gz freebsd-ports-graphics-4304aa0f8e2a5efffc0ca9184ecdf3b490df6cf8.tar.zst freebsd-ports-graphics-4304aa0f8e2a5efffc0ca9184ecdf3b490df6cf8.zip | |
Document extman password bypass vulnerability.
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index f3b9f86885a..e294ff80db9 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,34 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="44c8694a-12f9-11dd-9b26-001c2514716c"> + <topic>extman -- password bypass vulnerability</topic> + <affects> + <package> + <name>extman</name> + <range><ge>0.2.4</ge><lt>0.2.4_1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Extmail team reports:</p> + <blockquote cite="http://www.extmail.org/forum/thread-7260-1-1.html"> + <p>Emergency update #4 fixes a serious security vulnerability.</p> + </blockquote> + <p>Successful exploit of this vulnerability would allow attacker to + change user's password without knowing it by using specifically + crafted HTTP request.</p> + </body> + </description> + <references> + <url>http://www.extmail.org/forum/thread-7260-1-1.html</url> + </references> + <dates> + <discovery>2008-04-01</discovery> + <entry>2008-04-25</entry> + </dates> + </vuln> + <vuln vid="f47f2746-12c5-11dd-bab7-0016179b2dd5"> <topic>mailman -- script insertion vulnerability</topic> <affects> |