|Category:||FreeBSD Local Security Checks|
|Title:||FreeBSD Ports: WebCalendar|
|Summary:||FreeBSD Ports: WebCalendar|
|Description:||The remote host is missing an update to the system|
as announced in the referenced advisory.
The following package is affected: WebCalendar
PHP remote file inclusion vulnerability in includes/config.php in
WebCalendar 1.0.3 allows remote attackers to execute arbitrary PHP
code via a URL in the includedir parameter, which is remotely accessed
in an fopen call whose results are used to define a user_inc setting
that is used in an include_once call.
Update your system with the appropriate patches or
BugTraq ID: 18175|
Common Vulnerability Exposure (CVE) ID: CVE-2006-2762
Bugtraq: 20060530 WebCalendar-1.0.3 reading of any files (Google Search)
Bugtraq: 20060607 Re: WebCalendar-1.0.3 reading of any files (Google Search)
Debian Security Information: DSA-1096 (Google Search)
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|
|This is only one of 45261 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.