diff options
| author | Henrik Brix Andersen <brix@FreeBSD.org> | 2008-04-12 22:15:02 +0000 |
|---|---|---|
| committer | Henrik Brix Andersen <brix@FreeBSD.org> | 2008-04-12 22:15:02 +0000 |
| commit | 93305f716dbb51f65265f0484f3ddf14660c3385 (patch) | |
| tree | 8d7f830ed4c75c7524c194ae9004d85756175bee /security | |
| parent | 2a78546262915b2bd78225c7b14602b74073df97 (diff) | |
| download | ports-93305f716dbb51f65265f0484f3ddf14660c3385.tar.gz ports-93305f716dbb51f65265f0484f3ddf14660c3385.zip | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index ed8d9a6edb25..05520242ec11 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,35 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="8d2c0ce1-08b6-11dd-94b4-0016d325a0ed"> + <topic>ikiwiki -- cross site request forging</topic> + <affects> + <package> + <name>ikiwiki</name> + <range><lt>2.42</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The ikiwiki development team reports:</p> + <blockquote cite="http://ikiwiki.info/security/#index31h2"> + <p>Cross Site Request Forging could be used to construct a link + that would change a logged-in user's password or other preferences + if they clicked on the link. It could also be used to construct a + link that would cause a wiki page to be modified by a logged-in + user.</p> + </blockquote> + </body> + </description> + <references> + <url>http://ikiwiki.info/security/#index31h2</url> + </references> + <dates> + <discovery>2008-04-10</discovery> + <entry>2008-04-13</entry> + </dates> + </vuln> + <vuln vid="072a53e0-0397-11dd-bd06-0017319806e7"> <topic>postfix-policyd-weight -- working directory symlink vulnerability</topic> <affects> |