FreeBSD VuXML

Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Security issues that affect the FreeBSD operating system or applications in the FreeBSD Ports Collection are documented using the Vulnerabilities and Exposures Markup Language (VuXML). The current VuXML document that serves as the source for the content of this site can be found:

Please report security issues to the FreeBSD Security Team. Full contact details, including information handling policies and PGP key, can be found on the FreeBSD Security page.

glpi


Entered Topic
2024-04-22 GLPI -- multiple vulnerabilities
GLPI -- multiple vulnerabilities
GLPI -- multiple vulnerabilities
2023-10-11 Account takeover through API in GLPI
Account takeover via Kanban feature in GLPI
Account takeover via SQL Injection in UI layout preferences in GLPI
File deletion through document upload process in GLPI
GLPI vulnerable to reflected XSS in search pages
GLPI vulnerable to SQL injection through Computer Virtual Machine information
GLPI vulnerable to SQL injection via dashboard administration
GLPI vulnerable to SQL injection via inventory agent request
GLPI vulnerable to unauthenticated access to Dashboard data
GLPI vulnerable to unauthorized access to Dashboard data
GLPI vulnerable to unauthorized access to KnowbaseItem data
GLPI vulnerable to unauthorized access to User data
glpi-project -- SQL injection in ITIL actors in GLPI
Phishing through a login page malicious URL in GLPI
Privilege Escalation from technician to super-admin in GLPI
Sensitive fields enumeration through API in GLPI
Unallowed PHP script execution in GLPI
Users login enumeration by unauthenticated user in GLPI
2023-05-08 glpi -- multiple vulnerabilities
2020-10-22 glpi -- Insecure Direct Object Reference on ajax/comments.ph
glpi -- Insecure Direct Object Reference on ajax/getDropdownValue.php
2020-10-01 glpi -- Any CalDAV calendars is read-only for every authenticated user
2020-06-25 glpi -- leakage issue with knowledge base
glpi -- Multiple SQL Injections Stemming From isNameQuoted()
glpi -- SQL injection for all usages of "Clone" feature
glpi -- SQL Injection in Search API
glpi -- Unauthenticated File Deletion
glpi -- Unauthenticated Stored XSS
2020-05-09 glpi -- stored XSS
2020-03-30 glpi -- able to read any token through API user endpoint
glpi -- bypass of the open redirect protection
glpi -- Improve encryption algorithm
glpi -- multiple related stored XSS vulnerabilities
glpi -- Reflexive XSS in Dropdown menus
glpi -- Remote Code Execution (RCE) via the backup functionality
glpi -- SQL injection for all helpdesk instances
glpi -- weak csrf tokens
2020-01-02 glpi -- Public GLPIKEY can be used to decrypt any data
2019-08-05 glpi -- Account takeover vulnerability
2012-02-10 glpi -- remote attack via crafted POST request
2009-01-28 glpi -- SQL Injection