FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a8af7d70-8007-11db-b280-0008743bf21a	kronolith -- arbitrary local file inclusion vulnerability iDefense Labs reports: Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server. The vulnerability specifically exists due to a design error in the way it includes certain files. Specifically, the 'lib/FBView.php' file contains a function 'Kronolith_FreeBusy_View::factory' which will include local files that are supplied via the 'view' HTTP GET request parameter. Discovery 2006-11-29 Entry 2006-11-30 kronolith < 2.1.4 http://lists.horde.org/archives/announce/2006/000307.html

VuXML ID

Description

a8af7d70-8007-11db-b280-0008743bf21a

kronolith -- arbitrary local file inclusion vulnerability

iDefense Labs reports:

Remote exploitation of a design error in Horde's Kronolith could allow an authenticated web mail user to execute arbitrary PHP code under the security context of the running web server.

The vulnerability specifically exists due to a design error in the way it includes certain files. Specifically, the 'lib/FBView.php' file contains a function 'Kronolith_FreeBusy_View::factory' which will include local files that are supplied via the 'view' HTTP GET request parameter.

Discovery 2006-11-29
Entry 2006-11-30
kronolith

< 2.1.4

http://lists.horde.org/archives/announce/2006/000307.html