FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
07ead557-a220-11da-b410-000e0c2e438aWebCalendar -- unauthorized access vulnerability

SecurityFocus reports that WebCalendar is affected by an unauthorized access vulnerability. The vulnerability is caused by improper checking of the authentication mechanism before access is being permitted to the "assistant_edit.php" file.


Discovery 2005-06-27
Entry 2006-02-20
WebCalendar
< 1.0.0

14072
CAN-2005-2320
09c92f3a-fd49-11da-995c-605724cdf281WebCalendar -- information disclosure vulnerability

Secunia reports:

socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

Input passed to the "includedir" parameter isn't properly verified, before it is used in an "fopen()" call. This can be exploited to load an arbitrary setting file from an external web site.

This can further be exploited to disclose the content of arbitrary files by defining the "user_inc" variable in a malicious setting file.

Successful exploitation requires that "register_globals" is enabled.


Discovery 2006-05-30
Entry 2006-06-16
Modified 2006-06-17
WebCalendar
< 1.0.4

18175
CVE-2006-2762
http://www.securityfocus.com/archive/1/435379
http://www.securityfocus.com/archive/1/436263
2b20fd5f-552e-11e1-9fb7-003067b2972cWebCalendar -- Persistent XSS

tom reports,

There is no sanitation on the input of the location variable allowing for persistent XSS.


Discovery 2012-01-11
Entry 2012-02-12
Modified 2012-02-13
WebCalendar
le 1.2.4

WebCalendar-devel
le 1.2.4

CVE-2012-0846
http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870
60f8fe7b-3cfb-11da-baa2-0004614cc33dWebCalendar -- remote file inclusion vulnerability

WebCalendar is proven vulnerable to a remote file inclusion vulnerability. The send_reminders.php does not properly verify the "includedir" parameter, giving remote attackers the possibility to include local and remote files. These files can be used by the attacker to gain access to the system.


Discovery 2005-08-26
Entry 2005-10-15
Modified 2005-11-08
WebCalendar
< 1.0.1

14651
CVE-2005-2717
http://sourceforge.net/forum/forum.php?thread_id=1342085&forum_id=11587
72999d57-d6f6-11db-961b-005056847b26WebCalendar -- "noSet" variable overwrite vulnerability

Secunia reports:

A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite certain variables, and allows e.g. the inclusion of arbitrary PHP files from internal or external resources.


Discovery 2007-03-04
Entry 2007-04-08
WebCalendar
< 1.0.5

CVE-2007-1343
22834
http://sourceforge.net/project/shownotes.php?release_id=491130
http://xforce.iss.net/xforce/xfdb/32832