FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  362910
Date:      2014-07-25
Time:      14:12:54Z
Committer: ohauer

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
36494478-6a88-11da-b96e-000fb586ba73kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields

Announce of Kronolith H3 (2.0.6) (final):

This [2.0.6] is a security release that fixes cross site scripting vulnerabilities in several of the calendar name and event data fields. None of the vulnerabilities can be exploited by unauthenticated users; however, we strongly recommend that all users of Kronolith 2.0.5 upgrade to 2.0.6 as soon as possible.


Discovery 2005-12-11
Entry 2005-12-11
kronolith
lt 2.0.6

http://marc.theaimsgroup.com/?l=kronolith&m=113433029822279&w=2
a8af7d70-8007-11db-b280-0008743bf21akronolith -- arbitrary local file inclusion vulnerability

iDefense Labs reports:

Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server.

The vulnerability specifically exists due to a design error in the way it includes certain files. Specifically, the 'lib/FBView.php' file contains a function 'Kronolith_FreeBusy_View::factory' which will include local files that are supplied via the 'view' HTTP GET request parameter.


Discovery 2006-11-29
Entry 2006-11-30
kronolith
lt 2.1.4

http://lists.horde.org/archives/announce/2006/000307.html
36494478-6a88-11da-b96e-000fb586ba73kronolith -- Cross site scripting vulnerabilities in several of the calendar name and event data fields

Announce of Kronolith H3 (2.0.6) (final):

This [2.0.6] is a security release that fixes cross site scripting vulnerabilities in several of the calendar name and event data fields. None of the vulnerabilities can be exploited by unauthenticated users; however, we strongly recommend that all users of Kronolith 2.0.5 upgrade to 2.0.6 as soon as possible.


Discovery 2005-12-11
Entry 2005-12-11
kronolith
lt 2.0.6

http://marc.theaimsgroup.com/?l=kronolith&m=113433029822279&w=2
a8af7d70-8007-11db-b280-0008743bf21akronolith -- arbitrary local file inclusion vulnerability

iDefense Labs reports:

Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server.

The vulnerability specifically exists due to a design error in the way it includes certain files. Specifically, the 'lib/FBView.php' file contains a function 'Kronolith_FreeBusy_View::factory' which will include local files that are supplied via the 'view' HTTP GET request parameter.


Discovery 2006-11-29
Entry 2006-11-30
kronolith
lt 2.1.4

http://lists.horde.org/archives/announce/2006/000307.html