FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
72999d57-d6f6-11db-961b-005056847b26WebCalendar -- "noSet" variable overwrite vulnerability

Secunia reports:

A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite certain variables, and allows e.g. the inclusion of arbitrary PHP files from internal or external resources.


Discovery 2007-03-04
Entry 2007-04-08
WebCalendar
< 1.0.5

CVE-2007-1343
22834
http://sourceforge.net/project/shownotes.php?release_id=491130
http://xforce.iss.net/xforce/xfdb/32832
2b20fd5f-552e-11e1-9fb7-003067b2972cWebCalendar -- Persistent XSS

tom reports,

There is no sanitation on the input of the location variable allowing for persistent XSS.


Discovery 2012-01-11
Entry 2012-02-12
Modified 2012-02-13
WebCalendar
<= 1.2.4

WebCalendar-devel
<= 1.2.4

CVE-2012-0846
http://sourceforge.net/tracker/?func=detail&aid=3472745&group_id=3870&atid=103870