FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

i2p -- Multiple Vulnerabilities

Affected packages
i2p < 0.9.14

Details

VuXML ID 13419364-1685-11e4-bf04-60a44c524f57
Discovery 2014-07-24
Entry 2014-07-28

The i2p project reports:

XSS and remote execution vulnerabilities reported by Exodus Intelligence.

Exodus Intelligence reports:

The vulnerability we have found is able to perform remote code execution with a specially crafted payload. This payload can be customized to unmask a user and show the public IP address in which the user connected from within 'a couple of seconds.'

References

URL http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/
URL http://geti2p.net/en/blog/post/2014/07/26/0.9.14-Release