FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2b20fd5f-552e-11e1-9fb7-003067b2972c	WebCalendar -- Persistent XSS tom reports, There is no sanitation on the input of the location variable allowing for persistent XSS. Discovery 2012-01-11 Entry 2012-02-12 Modified 2012-02-13 WebCalendar <= 1.2.4 WebCalendar-devel <= 1.2.4 CVE-2012-0846 http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870
72999d57-d6f6-11db-961b-005056847b26	WebCalendar -- "noSet" variable overwrite vulnerability Secunia reports: A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite certain variables, and allows e.g. the inclusion of arbitrary PHP files from internal or external resources. Discovery 2007-03-04 Entry 2007-04-08 WebCalendar < 1.0.5 CVE-2007-1343 22834 http://sourceforge.net/project/shownotes.php?release_id=491130 http://xforce.iss.net/xforce/xfdb/32832

VuXML ID

Description

2b20fd5f-552e-11e1-9fb7-003067b2972c

WebCalendar -- Persistent XSS

tom reports,

There is no sanitation on the input of the location variable allowing for persistent XSS.

Discovery 2012-01-11
Entry 2012-02-12
Modified 2012-02-13
WebCalendar

<= 1.2.4

WebCalendar-devel

<= 1.2.4

CVE-2012-0846
http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870

72999d57-d6f6-11db-961b-005056847b26

WebCalendar -- "noSet" variable overwrite vulnerability

Secunia reports:

A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite certain variables, and allows e.g. the inclusion of arbitrary PHP files from internal or external resources.

Discovery 2007-03-04
Entry 2007-04-08
WebCalendar

< 1.0.5

CVE-2007-1343
22834
http://sourceforge.net/project/shownotes.php?release_id=491130
http://xforce.iss.net/xforce/xfdb/32832