5 matches found
Fedora 27 : WebCalendar (2017-6abd55703b)
New upstream release. Fixes CVE-2017-10840 and CVE-2017-10841. Upstream moved from sourceforge to github. PHP = 5.3 required. Adjust httpd configuration to support PHP FCGI. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Fedora 26 : WebCalendar (2017-c9abeb3158)
New upstream release. Fixes CVE-2017-10840 and CVE-2017-10841. Upstream moved from sourceforge to github. PHP = 5.3 required. Adjust httpd configuration to support PHP FCGI. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
Fedora 25 : WebCalendar (2017-26a53ccbdf)
New upstream release. Fixes CVE-2017-10840 and CVE-2017-10841. Upstream moved from sourceforge to github. PHP = 5.3 required. Adjust httpd configuration to support PHP FCGI. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...
CVE-2017-10841
CVE-2017-10841 affects WebCalendar 1.2.7 and earlier, with a directory traversal vulnerability that allows authenticated attackers to read arbitrary files via unspecified vectors. Affected software is WebCalendar (PHP-based calendar application); impact is partial confidentiality loss for targete...
JVN#23340457: Multiple vulnerabilities in WebCalendar
WebCalendar provided by k5n.us contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-10840 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N| Base Score: 2.6 Directory...