FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

WebCalendar -- multiple vulnerabilities

Affected packages
WebCalendar-devel <= 1.2.4

Details

VuXML ID 18dffa02-946a-11e1-be9d-000c29cc39d3
Discovery 2012-04-28
Entry 2012-05-02

Hanno Boeck reports:

Fixes [are now available] for various security vulnerabilities including LFI (local file inclusion), XSS (cross site scripting) and others.

References

CVE Name CVE-2012-1495
CVE Name CVE-2012-1496
URL http://archives.neohapsis.com/archives/bugtraq/2012-04/0182.html
URL http://packetstormsecurity.org/files/112323/WebCalendar-1.2.4-Pre-Auth-Remote-Code-Injection.html
URL http://packetstormsecurity.org/files/112332/WebCalendar-1.2.4-Remote-Code-Execution.html