CVE-2006-4458
Published: 31 August 2006
Directory traversal vulnerability in calendar/inc/class.holidaycalc.inc.php in phpGroupWare 0.9.16.010 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in the GLOBALS[phpgw_info][user][preferences][common][country] parameter.
Priority
Status
Package | Release | Status |
---|---|---|
phpgroupware Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Released
(0.9.16.011-2)
|
|
feisty |
Released
(0.9.16.011-2)
|
|
gutsy |
Released
(0.9.16.011-2)
|
|
hardy |
Released
(0.9.16.011-2)
|
|
intrepid |
Released
(0.9.16.011-2)
|
|
jaunty |
Released
(0.9.16.011-2)
|
|
karmic |
Released
(0.9.16.011-2)
|
|
upstream |
Needs triage
|