FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  360546
Date:      2014-07-04
Time:      06:38:23Z
Committer: swills

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
09c92f3a-fd49-11da-995c-605724cdf281    WebCalendar -- information disclosure vulnerability

Secunia reports:

socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

Input passed to the "includedir" parameter isn't properly verified, before it is used in an "fopen()" call. This can be exploited to load an arbitrary setting file from an external web site.

This can further be exploited to disclose the content of arbitrary files by defining the "user_inc" variable in a malicious setting file.

Successful exploitation requires that "register_globals" is enabled.


Discovery 2006-05-30
Entry 2006-06-16
Modified 2006-06-17
WebCalendar
lt 1.0.4

18175
CVE-2006-2762
http://www.securityfocus.com/archive/1/435379
http://www.securityfocus.com/archive/1/436263
2b20fd5f-552e-11e1-9fb7-003067b2972c    WebCalendar -- Persistent XSS

tom reports,

There is no sanitation on the input of the location variable allowing for persistent XSS.


Discovery 2012-01-11
Entry 2012-02-12
Modified 2012-02-13
WebCalendar
le 1.2.4

WebCalendar-devel
le 1.2.4

CVE-2012-0846
http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870
72999d57-d6f6-11db-961b-005056847b26    WebCalendar -- "noSet" variable overwrite vulnerability

Secunia reports:

A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite certain variables, and allows e.g. the inclusion of arbitrary PHP files from internal or external resources.


Discovery 2007-03-04
Entry 2007-04-08
WebCalendar
lt 1.0.5

CVE-2007-1343
22834
http://sourceforge.net/project/shownotes.php?release_id=491130
http://xforce.iss.net/xforce/xfdb/32832