FreeBSD: 09C92F3A-FD49-11DA-995C-605724CDF281
May 30, 2006 - 12:00 a.m.

WebCalendar -- information disclosure vulnerability

2006-05-30 00:00:00
vuxml.freebsd.org

CVSS2: 6.4
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N

EPSS: 0.111
Percentile: 95.2%

Secunia reports:

socsam has discovered a vulnerability in WebCalendar, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.

Input passed to the “includedir” parameter isn’t properly verified, before it is used in an “fopen()” call. This can be exploited to load an arbitrary setting file from an external web site.

This can further be exploited to disclose the content of arbitrary files by defining the “user_inc” variable in a malicious setting file.

Successful exploitation requires that “register_globals” is enabled.

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | webcalendar | < 1.0.4 | UNKNOWN
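
For triage on hosts still running a version below 1.0.4, the following added example (not part of the advisory or of WebCalendar) scans web-server access logs for requests that set the “includedir” parameter and flags values naming an external location. It assumes common/combined log format and that the parameter arrives in the query string; values sent in POST bodies or cookies do not appear in access logs. The script name PLACEHOLDER.php, the host example.test and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Client address and request target of a common/combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value that points off-host: "scheme://..." or protocol-relative "//host".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:)?//', re.IGNORECASE)
PARAM = "includedir"  # parameter named in the advisory (PHP names are case-sensitive)

# Constructed sample lines; PLACEHOLDER.php and example.test are not real values.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2006:10:00:00 +0000] "GET /webcalendar/PLACEHOLDER.php'
    '?includedir=http%3A%2F%2Fhost.example.test%2Fs HTTP/1.1" 200 512',
    '192.0.2.11 - - [30/May/2006:10:00:05 +0000] "GET /webcalendar/PLACEHOLDER.php'
    '?date=20060530 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [30/May/2006:10:00:09 +0000] "GET /webcalendar/PLACEHOLDER.php'
    '?includedir=includes HTTP/1.1" 200 2048',
]


def classify(value):
    """Return 'remote' if the value names an external location, else 'local'."""
    # unquote() again so a double-encoded value is still recognised.
    return "remote" if REMOTE_RE.match(unquote(value)) else "local"


def scan(lines):
    """Return (client, value, verdict) for every request that sets includedir."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        query = urlsplit(target).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == PARAM:
                findings.append((client, value, classify(value)))
    return findings


if __name__ == "__main__":
    for client, value, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:6} {client} {PARAM}={value}")
```

A “local” verdict still deserves review: it shows a client supplying a value for the parameter at all.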
