webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0effbb3569624f42550310689aaf94d726cd9d0e
bpfire/config
History
Peter Müller 0effbb3569 fix WebUI system information leak 
Disable unauthenticated access to cgi-bin/credits.cgi. The page
leaks the currently installed version of IPFire and the hardware
architecture.

Both information might make a successful attack much easier.

This issue can be reproduced by accessing https://[IPFire-IP]:444/cgi-bin/credits.cgi
and accepting a SSL certificate warning (if any).

Signed-off-by: Peter Müller <peter.mueller@link38.eu>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2017-09-04 12:25:23 +01:00
..
acpid
acpid: Forgot to commit config data.
2012-08-24 15:28:24 +02:00
amavisd
asterisk
asterisk addon: removed webif, cleanuped build scripts.
2014-07-01 11:08:17 +02:00
backup
imspector: Drop package
2017-05-22 20:03:01 +01:00
bash
Close console after 10 minutes idle.
2013-02-05 21:35:16 +01:00
bind
bind: Update to 9.9.5.
2014-07-05 13:43:25 +02:00
ca-certificates
ca-certificates: New package
2015-07-10 15:14:15 +02:00
cacti
cacti: Update to 0.8.8b.
2014-05-29 19:35:38 +02:00
calamaris
calamaris: Make decompressing large logs more memory-friendly.
2012-07-19 14:06:47 +02:00
cdrom
Corrected README.txt - english manual is available.
2010-06-07 23:17:32 +02:00
cfgroot
BUG11278: It is not possible to create subnets of internal networks in firewallgroups
2017-06-07 17:19:30 +01:00
clamav
client175
client175: update to 0.7.
2011-06-01 23:46:42 +02:00
collectd
collectd: Ignore *phys, macvtap* and vnet* interfaces
2016-07-13 16:55:29 +01:00
cron
unbound: Update trust anchor once a day
2016-08-06 15:20:07 +01:00
cups
cyrus-imapd
cyrus-sasl
dhcpc
dhcpcd: rework mtu handling on buggy nic's
2016-02-01 07:31:46 +01:00
dma
dma: Add script that cleans up stale emails in the spool directory
2015-08-25 22:02:31 +01:00
dracut
dracut: remove marvell sdio modules from initrd.
2016-02-08 13:53:13 +01:00
elinks
etc
serial-console: remove baudrate from inittab
2017-08-15 20:08:22 +02:00
extrahd
extrahd: Add UUID to table.
2010-12-10 13:29:23 +01:00
fbset
findutils
findutils: Cannot use exec here or the lockfile won't be removed
2014-08-24 15:22:04 +02:00
firewall
ipsec: Do not reject connections in on-demand mode
2017-03-24 13:24:42 +01:00
fstrim
fstrim: add daily cronjob.
2013-01-17 20:38:01 +01:00
fwhosts
Firewall: Add Services SSMTP and submission
2016-07-26 14:53:06 +01:00
gnump3d
gnump3d: fix perl version in plugin path.
2011-03-21 09:29:53 +01:00
grub2
grub2: add splashimage.
2014-09-06 17:15:05 +02:00
guardian
guardian 2.0: suggested cosmetic changes
2016-10-03 12:12:13 +01:00
haproxy
haproxy: Provide a better example configuration that works
2015-04-09 14:35:54 +02:00
hostapd
hostapd: update to 2.4
2015-04-11 22:03:03 +02:00
httpd
fix WebUI system information leak
2017-09-04 12:25:23 +01:00
icinga
icinga: Add new package.
2014-05-29 23:36:15 +02:00
include
linux-headers: use kernel 3.2.x headers.
2012-11-13 18:26:28 +01:00
initrd/dhcpc
Installer: Add installmedia download support.
2010-11-25 14:18:11 +01:00
kernel
kernel: Fix broken syntax in configuration file
2016-07-15 11:09:42 +01:00
lcdproc
lcdproc: Add default configuration files.
2013-05-27 20:00:31 +02:00
lcr
lib/firmware/brcm
remove not working wandboad wlan nvram files.
2015-02-20 16:52:53 +01:00
logwatch
mediatomb
menu
imspector: Drop package
2017-05-22 20:03:01 +01:00
miau
minidlna
New package: minidlna.
2012-08-08 10:48:55 +02:00
miniupnpd
miniupnpd should listen on green0 in default configuration
2017-05-22 20:03:01 +01:00
monit
monit addon: fixed start script links.
2014-07-23 10:30:14 +02:00
motion
mpfire
mpfire: add scenesat radio to webradio list.
2011-05-23 23:08:28 +02:00
mysql
nagiosql
netpbm
netpbm: update to 10.47.61
2016-10-14 00:05:55 +01:00
netsnmpd
nginx
Nginx: New package. Version 1.3.11.
2013-01-15 17:48:43 +01:00
openmailadmin
ovpn
openvpn: Fix wrong default port number.
2014-05-13 20:36:58 +02:00
owncloud
owncloud: changed used port to 1011
2014-07-10 19:24:50 +02:00
pam
php
Updated php (5.3.5).
2011-02-20 15:51:15 +01:00
phpSANE
postfix
profile.d
bash startfiles: Add file to make sure that all paths are available.
2012-11-15 13:50:36 +01:00
proxy
proxy: errorpage-css use the same red as other ipfire pages.
2011-01-08 14:51:49 +01:00
qemu
Qemu: add a group kvm to access /dev/kvm eaiser
2016-06-20 16:25:29 +01:00
qos
QoS: Enable IMQ multi queueing
2017-04-06 19:12:06 +01:00
rootfiles
strongswan: rootfile update
2017-08-30 19:03:25 +02:00
rpi-firmware
kernel: updated rpi and kirkwood config.
2013-09-06 13:06:09 +02:00
samba
samba: Show a simple example for default shares.
2014-06-12 16:31:43 +02:00
sane
sarg
sarg: Don't build user agent report.
2012-11-26 17:28:25 +01:00
shadow
shadow-utils: Create standard set of configuration files
2016-10-01 18:42:18 +01:00
snort
snort: update to 2.9.5.
2013-07-15 17:05:44 +02:00
squidclamav
squidclamav: Update squidclamav.conf to use and trust the proxy cache.
2013-07-02 21:25:14 +02:00
ssl
Applied patches for not using md5. Additionally, the root CA is no 4096 bits, host/clients are 2048 bits (both RSA). Openssl is now choosing the random seed automatically, removed the '-rand' parameter.
2015-03-17 20:42:41 +01:00
strongswan
strongswan: Create configuration for better interoperability
2015-02-11 15:15:47 +01:00
stunnel
stunnel: New package.
2014-04-25 12:42:52 +02:00
syslinux
installer: add option to disable grafic mode for grub.
2015-03-30 20:28:54 +02:00
sysstat
time
ntp: new enabled at default
2010-12-02 16:30:11 +01:00
tor
tor: New package.
2013-07-29 21:29:34 +02:00
transmission
transmission: New package.
2011-10-02 17:40:28 +02:00
u-boot
u-boot: uEnv.txt load initrd on sunxi boot.
2015-02-20 10:07:33 +01:00
udev
Use a better naming scheme for physical devices.
2016-12-31 14:05:56 +00:00
unbound
unbound: update dns hints and keys
2017-08-17 14:25:42 +02:00
updxlrator
Change case of the unit "bit" from "Bit" to "bit" in web UI
2016-07-20 16:46:23 +01:00
upnp
urlfilter
url-filter: Use upstream proxy when downloading blacklists
2015-06-16 14:39:26 +02:00
vdr
Drop vdr_vnsiserver5
2017-05-18 12:23:21 +01:00
vdradmin
vdradmin: Change VDR configuration directory.
2013-04-12 13:54:06 +02:00
vim
vim: Update to 7.4.
2013-10-04 14:52:44 +02:00
vsftpd
w_scan
w_scan: set output format to vdr 2.0.
2013-09-02 00:08:07 +02:00
wpa_supplicant
madwifi: removed.
2012-08-03 19:22:05 +02:00
xen-image
xen-image: fix kernel installation.
2016-09-13 19:37:58 +02:00
xinetd
xinetd: New package.
2013-08-18 16:20:59 +02:00
xtables-addons
xtables-addon: Build all matches and targets
2015-04-18 16:42:22 +02:00