mirror of
https://git.FreeBSD.org/ports.git
synced 2024-11-23 00:43:28 +00:00
5e7bd302a1
Vulnerability Details ===================== Class: Cross-Site Request Forgery Versions: 4.0.2 to 4.0.4, 4.1.1 to 4.2rc2 Fixed In: 4.0.5, 4.2 Description: Due to a lack of validation of the enctype form attribute when making POST requests to xmlrpc.cgi, a possible CSRF vulnerability was discovered. If a user visits an HTML page with some malicious HTML code in it, an attacker could make changes to a remote Bugzilla installation on behalf of the victim's account by using the XML-RPC API on a site running mod_perl. Sites running under mod_cgi are not affected. Also the user would have had to be already logged in to the target site for the vulnerability to work. References: https://bugzilla.mozilla.org/show_bug.cgi?id=725663 CVE Number: CVE-2012-0453 Approved by: skv (implicit) |
||
---|---|---|
.. | ||
artwiz-ru | ||
aspell | ||
bugzilla3-ru | ||
bugzilla-ru | ||
calligra-l10n | ||
d1489 | ||
eric4 | ||
fortune-bashorgru | ||
fortuneru | ||
gd | ||
gimp-help | ||
hunspell | ||
hyphen | ||
ircd-hybrid | ||
kde3-i18n | ||
kde4-l10n | ||
koffice-i18n | ||
koffice-kde4-l10n | ||
koi2koi | ||
koi8r-ps | ||
ksocrat | ||
libcyrillic | ||
MT | ||
mueller-dic | ||
muttprint | ||
mythes | ||
napster | ||
p5-Convert-Cyrillic | ||
p5-cyrillic | ||
p5-Lingua-DetectCyrillic | ||
p5-Lingua-RU-Charset | ||
p5-XML-Parser-encodings | ||
prawda | ||
pscyr | ||
rubygem-russian | ||
rubygem-rutils | ||
rus-ispell | ||
rux | ||
stardict-bars | ||
stardict-computer | ||
stardict-dal | ||
stardict-engcom | ||
stardict-mueller7 | ||
stardict-mueller7accent | ||
stardict-pc | ||
tac+ia | ||
tidyup-mail | ||
unzip | ||
wmcyrx | ||
wordpress | ||
xcode | ||
xcyrBGR | ||
xmms | ||
xpi-tabextensions | ||
xruskb | ||
Makefile | ||
Makefile.inc |